Re: [systemd-devel] Authenticated Boot and Disk Encryption on Linux
Lennart Poettering writes:

> On Wed, 29.09.21 21:09, Łukasz Stelmach (stl...@poczta.fm) wrote:
>> Hi, Lennart.
>>
>> I read your blog post and there is little I can add regarding
>> encryption/authentication*. However, distributions need to address one
>> more detail, I think. You've mentioned recovery scenarios, but even with
>> an additional set of keys stored securely, there are enough moving parts
>> in FDE that something may go wrong beyond what recovery keys could
>> fix. To help users minimise the risk of data loss distributions should
>> provide backup tools and help configure them securely.
>>
>> This is of course outside of the scope of your original post, but IMHO
>> it is a good moment to mention this.
>>
>> * Well there is one tiny detail.
>>
>> You noted double encryption needs to be avoided in case of home
>> directory images by storing them on a separate partition. Separating
>> /home may be considered a slight inefficiency in storage usage, but
>> using LVM to distribute storage space between the root(+/usr) and /home
>> might help. However, to the best of my knowledge (which I will be glad to
>> update) there is no tool to dynamically and automatically manage storage
>> space used by home images. In theory the code is there, but UX of
>> resize2fs(8) and dd(1) is far from satisfying and I am not entirely sure
>> what happens if one truncates (after resize2fs, which will work)
>> a file containing a mounted image.
>>
>> The first solution that comes to my mind is to make systemd-homed resize
>> home filesystem images according to some policy upon locking and
>> unlocking. But it's not perfect as users would need to log out(?) to
>> trigger allocation of more storage should they fill their home
>> directory.
>
> I have been working on code in homed to "balance" free space between
> active home dirs in regular intervals (shorter intervals when disk
> space is low, higher intervals when there's plenty). Also, right now
> we already run FITRIM on home dirs on logout, to make sure all air is
> removed then. I intend to also add logic to shrink to minimal size
> then (and conversely grow on login again).
>
> This will only really work in case btrfs is used inside the homedir
> images, as only then we can both shrink and grow the fs whenever we
> want to.

Interesting. Apparently[1] loopback driver punches holes in the image files and makes them sparse. This should allow for overcommit on the /home fs. I don't know at the moment how would the loopback driver (and the overlying fs) react in case it can't fill the holes punched earlier because other users took all the space on /home. As you can see below this works with ext2 as an fs.

--8<---cut here---start->8---
root@zniczek:~# dd if=/dev/zero of=img1 bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.0136506 s, 768 MB/s
root@zniczek:~# ls -ls img1
10240 -rw-r--r-- 1 root root 10485760 Sep 30 18:40 img1
^
root@zniczek:~# mke2fs img1
mke2fs 1.46.2 (28-Feb-2021)
Discarding device blocks: done
Creating filesystem with 10240 1k blocks and 2560 inodes
Filesystem UUID: 176248e1-4845-46e6-9f49-762ce9d0ea6b
Superblock backups stored on blocks:
        8193

Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done

root@zniczek:~# ls -ls img1
140 -rw-r--r-- 1 root root 10485760 Sep 30 18:41 img1
^^^
root@zniczek:~# mount -o loop,discard img1 /mnt
root@zniczek:~# fstrim -v /mnt
/mnt: 9.6 MiB (10054656 bytes) trimmed
root@zniczek:~# ls -ls img1
76 -rw-r--r-- 1 root root 10485760 Sep 30 18:41 img1
^^
# dd if=/dev/urandom of=/mnt/foo bs=1M count=2
2+0 records in
2+0 records out
2097152 bytes (2.1 MB, 2.0 MiB) copied, 0.0155418 s, 135 MB/s
# ls -ls img1
92 -rw-r--r-- 1 root root 10485760 Sep 30 18:48 img1
^^
# sync
# ls -ls img1
2156 -rw-r--r-- 1 root root 10485760 Sep 30 18:48 img1
--8<---cut here---end--->8---

BTW. You wrote:

> [Encryption] isn't typically needed for /usr/ given that it generally
> contains no secret data

This isn't IMHO precisely true. Especially not for laptops. And I don't mean the presence of "hacking tools" you mentioned below. Even when all the binaries in the /usr all come from the Internet there are many different versions available. Knowledge which versions are running on a device may be quite valuable for an attacker to mount a remote on-line attack and extract data with malware.

I don't have any hard numbers at hand, but I suspect with a plenty of RAM most frequently used binaries will be decrypted and cached so the CPU overhead is *probably* negligible.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/block/loop.c?h=v5.10#n625

-- 
Have a nice day,
Łukasz Stelmach
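An added example, not part of the original message: the overcommit question raised above, written as a check an administrator can run. It sums the holes in sparse image files and compares them with the free space on the backing filesystem; the function names and the default `.home` suffix are assumptions, and it relies on GNU stat(1) and df(1).

```shell
#!/bin/sh
# Added example (not from the thread): report how much space sparse home
# images could still claim, compared with what the backing fs has free.
# Assumes GNU coreutils stat(1) and df(1); all function names are made up here.

# Apparent size in bytes (the size column of ls -l).
apparent_bytes() { stat -c %s -- "$1"; }

# Bytes actually allocated on the backing filesystem (what ls -s counts).
allocated_bytes() (
    set -- $(stat -c '%b %B' -- "$1")   # block count, bytes per block
    echo $(( $1 * $2 ))
)

# Bytes the image may still demand once its punched holes are written again.
hole_bytes() (
    a=$(apparent_bytes "$1")
    u=$(allocated_bytes "$1")
    if [ "$u" -ge "$a" ]; then echo 0; else echo $(( a - u )); fi
)

# Free bytes available to unprivileged writers on the fs holding $1.
avail_bytes() { df --output=avail -B1 -- "$1" | tail -n 1 | tr -d ' '; }

# verdict HOLES AVAIL: can every hole be filled from the free space?
verdict() {
    if [ "$1" -gt "$2" ]; then echo overcommitted; else echo ok; fi
}

# audit DIR [SUFFIX]: one line per image (apparent, allocated, holes, path)
# followed by a summary line for the whole directory.
audit() (
    dir=$1
    suffix=${2:-.home}
    total=0
    for img in "$dir"/*"$suffix"; do
        [ -f "$img" ] || continue
        h=$(hole_bytes "$img")
        printf '%12s %12s %12s  %s\n' \
            "$(apparent_bytes "$img")" "$(allocated_bytes "$img")" "$h" "$img"
        total=$(( total + h ))
    done
    avail=$(avail_bytes "$dir")
    echo "holes=$total avail=$avail $(verdict "$total" "$avail")"
)

# Run only when a directory is given, e.g.: sh audit-images.sh /home
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

An "overcommitted" result means the images together could ask for more blocks than the filesystem can hand out, which is the situation the message asks about.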
Re: [systemd-devel] Authenticated Boot and Disk Encryption on Linux
Hi, Lennart.

I read your blog post and there is little I can add regarding encryption/authentication*. However, distributions need to address one more detail, I think. You've mentioned recovery scenarios, but even with an additional set of keys stored securely, there are enough moving parts in FDE that something may go wrong beyond what recovery keys could fix. To help users minimise the risk of data loss distributions should provide backup tools and help configure them securely.

This is of course outside of the scope of your original post, but IMHO it is a good moment to mention this.

* Well there is one tiny detail.

You noted double encryption needs to be avoided in case of home directory images by storing them on a separate partition. Separating /home may be considered a slight inefficiency in storage usage, but using LVM to distribute storage space between the root(+/usr) and /home might help. However, to the best of my knowledge (which I will be glad to update) there is no tool to dynamically and automatically manage storage space used by home images. In theory the code is there, but UX of resize2fs(8) and dd(1) is far from satisfying and I am not entirely sure what happens if one truncates (after resize2fs, which will work) a file containing a mounted image.

The first solution that comes to my mind is to make systemd-homed resize home filesystem images according to some policy upon locking and unlocking. But it's not perfect as users would need to log out(?) to trigger allocation of more storage should they fill their home directory.

Anyway, the post is very interesting and I am looking forward to further developments.

-- 
Have a nice day,
Łukasz Stelmach
[systemd-devel] [RFC] AddMatch on a private/direct bus
Hi.

We are developing a daemon that is monitoring a system. One of its sources of information is systemd. To avoid dependency on dbus-daemon (which may fail and cripple our daemon) the daemon connects to /run/systemd/private to listen to signals emitted by systemd. However, we don't need all signals, only a few. Thus we are going to create code which will filter and dispatch signals. We think the best place for such code is not our daemon but rather sd-bus.

Our question is: would you accept the patch adding a signal filter/dispatcher for direct DBus connections? Do you have any recommendation for such functionality?

Kind regards,
-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] logging API
Hello.

I am writing a new piece of code. After several dozens of fprintf(3) calls here and there I decided to clean that mess. I really like the internal logging API (log_error(), log_debug(), log_info_errno() etc.) used by systemd parts. Is it possible to make it part of the public libsystemd API? Where to start the work?

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] udev vs. nscd vs. /var automount
Michal Soltys <sol...@ziu.info> writes:

> On 2016-04-08 18:12, Andrei Borzenkov wrote:
>> 08.04.2016 18:20, Michael Biebl writes:
>>> 2016-04-08 16:25 GMT+02:00 Michal Soltys <sol...@ziu.info>:
>>>> On your root partition keep /var/run symlink to /run - so regardless if /var
>>>> is or isn't mounted, the path will be correct. Wouldn't that help ? (unless
>>>> I missed something)
>>>
>>> That only work for late boot though. Consider the case where /var is a
>>> separate partition. The symlink will only be available once /var has
>>> been mounted, i.e. after local-fs.target.
>>
>> But the idea was to have link on *root* partition, i.e. before /var is
>> mounted.
>>
> Exactly that was my point.

It does not work like that. systemd mounts autofs, which covers any contents of /var stored on the root partition, before udev starts. When it starts it hits autofs which triggers systemd which is waiting for udev to provide list of available devices. Bummer!

-- 
Have a nice day,
Łukasz Stelmach
Re: [systemd-devel] udev vs. nscd vs. /var automount
It was <2016-04-07 Thu 15:52>, when Lennart Poettering wrote:

> On Wed, 06.04.16 11:15, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
>> I've hit a problem caused by a mix of: automounting + glibc + udev + my
>> partition layout. Apparently it is impossible to make /var automountable
>> because udev (which needs to enumerate devices before mounting them) is
>> trying to connect to /var/run/nscd/socket (that's actually glibc
>> code). This attempt does not fail because autofs tells there still is
>> hope that the path will appear soon but it won't because udev can't tell
>> the device to mount exists.
>>
>> I've checked glibc source and it still refers to /var/run/nscd/socket
>> rather than /run/nscd/socket. As far as I know there is no way to
>> disable nscd lookups.
>>
>> Any idea how to cope with it?
>
> Don't see any. Only option really is to fix glibc to not use /var/run
> anymore, but use /run instead. Consider filing a bug against glibc.

I am considering ;-) I talked on IRC that a patch implementing compile-time configuration should be acceptable.

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] udev vs. nscd vs. /var automount
It was <2016-04-06 Wed 11:43>, when Jóhann B. Guðmundsson wrote:

> On 04/06/2016 09:15 AM, Łukasz Stelmach wrote:
>> I've hit a problem caused by a mix of: automounting + glibc + udev + my
>> partition layout. Apparently it is impossible to make /var automountable
>> because udev (which needs to enumerate devices before mounting them) is
>> trying to connect to /var/run/nscd/socket (that's actually glibc
>> code). This attempt does not fail because autofs tells there still is
>> hope that the path will appear soon but it won't because udev can't tell
>> the device to mount exists.
>>
>> I've checked glibc source and it still refers to /var/run/nscd/socket
>> rather than /run/nscd/socket. As far as I know there is no way to
>> disable nscd lookups.
>>
>> Any idea how to cope with it?
>
> Can't you disable nscd it in glibc via configuration options via
> --disable-nscd and or --disable-nscd --enable-build-nscd if you don't
> need/want it?

It is on my list I am just not sure "I", which is more like "we" actually, don't need it. I need to ask.

> Then there is this patch [1] which may or may not have been upstreamed
> already...
>
> 1.
> https://github.com/OpenMandrivaAssociation/glibc/commit/e251ac2a53eb4a4571b7c7a7fd79e2091478bdc2

This looks even better. Thanks.

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] udev vs. nscd vs. /var automount
Hi,

I've hit a problem caused by a mix of: automounting + glibc + udev + my partition layout. Apparently it is impossible to make /var automountable because udev (which needs to enumerate devices before mounting them) is trying to connect to /var/run/nscd/socket (that's actually glibc code). This attempt does not fail because autofs tells there still is hope that the path will appear soon but it won't because udev can't tell the device to mount exists.

I've checked glibc source and it still refers to /var/run/nscd/socket rather than /run/nscd/socket. As far as I know there is no way to disable nscd lookups.

Any idea how to cope with it?

Kind regards,
-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] overriding udev rules
On 28 February 2016 12:51:51 CET, "Mantas Mikulėnas" <graw...@gmail.com> wrote:

> On Sun, Feb 28, 2016 at 12:40 PM, Łukasz Stelmach <stl...@poczta.fm> wrote:
>
>> Hi,
>>
>> One of the default rules supplied by systemd (v215 in Debian) is
>> responsible for restoring the state of rfkill switches.
>>
>> SUBSYSTEM=="rfkill", TAG+="systemd", ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
>>
>> For a reason or two I'd like to override it and not restore the state.
>> I don't want to make a copy of 99-systemd.rules in /etc just to edit one
>> line. Is there any other reasonable way to prevent the above rule from
>> being executed?
>>
>
> You can `systemctl mask systemd-rfkill@.service`.

OK, this is an option, thanks. What if I would like to override the rule and execute the service for some devices?

-- 
Łukasz Stelmach, on the road
[systemd-devel] overriding udev rules
Hi,

One of the default rules supplied by systemd (v215 in Debian) is responsible for restoring the state of rfkill switches.

SUBSYSTEM=="rfkill", TAG+="systemd", ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"

For a reason or two I'd like to override it and not restore the state. I don't want to make a copy of 99-systemd.rules in /etc just to edit one line. Is there any other reasonable way to prevent the above rule from being executed?

Kind regards,
-- 
It was a great pleasure.            --- Rurku. --- ...
>Łukasz<---     It's good that you are listening to me.
Re: [systemd-devel] suspend/resume hooks, the right way
Andrei Borzenkov <arvidj...@gmail.com> writes:

> 25.09.2015 23:17, Łukasz Stelmach writes:
>> Hi,
>>
>> systemd-sleep(8) states
>>
>>     Note that scripts or binaries dropped in /usr/lib/systemd/system-sleep/
>>     are intended for local use only and should be considered hacks. If
>>     applications want to be notified of system suspend/hibernation and
>>     resume, there are much nicer interfaces available.
>>
>> What is the right way to hook some oneshot services like battery status
>> monitor[1] into systemd so they get executed as pre-sleep and
>> post-resume (or more specifically (pre|post)-(suspend|hibernate|hybrid-sleep)
>> if possible) hooks?
>>
>> I found some notes[2] on Arch wiki.
>
> This one looks pretty fine as system-sleep hook. What's wrong with it?

See right below.

>> Unfortunately the unit with both StopWhenUnneeded and RemainAfterExit
>> does not work well when triggered with timer because it executes both
>> ExecStart and ExecStop commands and puts duplicate entries in the
>> log.

I'd like to run a service (the script) on three different occasions:

+ once every 15 minutes (via timer unit)
+ upon "power" state changes:
  + power on and off (that's easy and obvious)
  + sleep and resume (of every kind)
  + DC jack plugged in and out

The service is definitely a "oneshot" type, the programme is started, does its job and exits. According to systemd "tradition" as I perceive it, the service file should look like this:

--8<---cut here---start->8---
[Unit]
Description=Record Battery Status

[Service]
Type=oneshot
ExecStart=/root/bin/battery-status.sh
--8<---cut here---end--->8---

I'd like to have *one* service file attached to different triggers. I don't want to add stuff like "StopWhenUnneeded=yes", "RemainAfterExit=yes" "ExecStop=..." because:

+ it does not work, it causes the script to be fired twice in a row with a timer
+ it looks a bit abusive (that's subjective of course), something like trying to make the unit Turing-complete.

Let's say that I consider the below unit still a valid non-abusive unit.

--8<---cut here---start->8---
[Unit]
Description=Record Battery Status
Before=sleep.target shutdown.target

[Service]
Type=oneshot
ExecStart=/root/bin/battery-status.sh

[Install]
WantedBy=sleep.target shutdown.target
--8<---cut here---end--->8---

Such service works as expected:

+ with the timer
+ upon suspend/shutdown.

It does not work upon resume. I know that there is no resume.target and making services run upon resume isn't as straightforward as "WantedBy=resume.target" or "WantedBy=post-hibernate.target". However, I hoped (hope) it isn't as hacky as StopWhenUnneeded+ExecStop which, although logically correct, isn't the way I would like to express my intentions about running a service after resuming from sleep. And I hope I don't need to write a separate long running service that detects suspends/resumes/shutdown/reboots and acts accordingly.

>> Then, does any part of systemd (package) react to plugging and
>> unplugging DC jack into a laptop?
>>
>> [1] http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html
>> [2] https://wiki.archlinux.org/index.php/Power_management#Sleep_hooks
>>
>

-- 
It was a great pleasure.            --- Rurku. --- ...
>Łukasz<---     It's good that you are listening to me.
Re: [systemd-devel] suspend/resume hooks, the right way
Lennart Poettering <lenn...@poettering.net> writes:

> On Fri, 25.09.15 22:17, Łukasz Stelmach (stl...@poczta.fm) wrote:
>
>> Hi,
>>
>> systemd-sleep(8) states
>>
>>     Note that scripts or binaries dropped in /usr/lib/systemd/system-sleep/
>>     are intended for local use only and should be considered hacks. If
>>     applications want to be notified of system suspend/hibernation and
>>     resume, there are much nicer interfaces available.
>>
>> What is the right way to hook some oneshot services like battery status
>> monitor[1] into systemd so they get executed as pre-sleep and
>> post-resume (or more specifically (pre|post)-(suspend|hibernate|hybrid-sleep)
>> if possible) hooks?
>
> Applications should use suspend delay inhibitors in logind so that
> they get a certain amount of time to whatever they want to do before
> the system goes to sleep.
>
> https://wiki.freedesktop.org/www/Software/systemd/inhibit/

Of course a process like NetworkManager or LibreOffice that are running regardless of power state changes and need a finite amount of time to prepare to sleep will use inhibitors. What about oneshot jobs that do not run before the system goes to sleep and simply exit when they are ready?

Then again, inhibitors or rather PrepareFor*(false) signals provide no reliable way to know that a machine has just woken up. The signals are emitted in case of failed shutdown too.

How can I run something upon resume? Is there no other way than hacky StopWhenUnneeded+ExecStop+WantedBy=sleep.target?

OK. I can start on suspend and wait for PrepareForSuspend(false) and check if certain amount of time has passed. Still, it's much too much for some simple oneshot tasks which should do their job while being managed by a process manager (systemd?).

>> Then, does any part of systemd (package) react to plugging and
>> unplugging DC jack into a laptop?
>
> I think you get an uevent for this, hence you could do it via udev
> rules, no?

Indeed. I must have forgotten about this because I saw my EeePC trying to report this as input events too.

Kind regards,
-- 
It was a great pleasure.            --- Rurku. --- ...
>Łukasz<---     It's good that you are listening to me.
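An added example, not part of the thread and not systemd code: the logind notification discussed in this message, read from `dbus-monitor` output. It assumes the signal in question is `PrepareForSleep` on `org.freedesktop.login1.Manager`, whose boolean argument is true before sleep and false afterwards; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from systemd.
# classify_sleep_events reads `dbus-monitor --system` text on stdin and prints
# one word per logind PrepareForSleep signal: "pre-sleep" when the boolean
# argument is true, "post-resume" when it is false.
classify_sleep_events() {
    pending=0   # 1 while waiting for the argument line of a matching signal
    while IFS= read -r line; do
        case $line in
            signal*"interface=org.freedesktop.login1.Manager; member=PrepareForSleep"*)
                pending=1 ;;
            *"boolean true"*)
                if [ "$pending" -eq 1 ]; then echo pre-sleep; fi
                pending=0 ;;
            *"boolean false"*)
                if [ "$pending" -eq 1 ]; then echo post-resume; fi
                pending=0 ;;
            signal*|"method call"*|"method return"*|error*)
                pending=0 ;;   # another message: its arguments are not ours
        esac
    done
}

# Constructed sample of dbus-monitor output (not captured from a real system).
sample_log() {
    cat <<'EOF'
signal time=1443211020.1 sender=:1.3 -> destination=(null destination) serial=201 path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForShutdown
   boolean false
signal time=1443211031.5 sender=:1.3 -> destination=(null destination) serial=202 path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForSleep
   boolean true
signal time=1443214642.9 sender=:1.3 -> destination=(null destination) serial=203 path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForSleep
   boolean false
EOF
}

# watch_sleep HOOK: run HOOK with the event word as its only argument.
watch_sleep() {
    dbus-monitor --system \
        "type='signal',interface='org.freedesktop.login1.Manager',member='PrepareForSleep'" |
        classify_sleep_events |
        while IFS= read -r event; do "$1" "$event"; done
}

# Live use (the hook path is a placeholder): sh sleep-events.sh /path/to/hook
if [ "$#" -gt 0 ]; then watch_sleep "$1"; fi
```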
[systemd-devel] suspend/resume hooks, the right way
Hi,

systemd-sleep(8) states

    Note that scripts or binaries dropped in /usr/lib/systemd/system-sleep/
    are intended for local use only and should be considered hacks. If
    applications want to be notified of system suspend/hibernation and
    resume, there are much nicer interfaces available.

What is the right way to hook some oneshot services like battery status monitor[1] into systemd so they get executed as pre-sleep and post-resume (or more specifically (pre|post)-(suspend|hibernate|hybrid-sleep) if possible) hooks?

I found some notes[2] on Arch wiki. Unfortunately the unit with both StopWhenUnneeded and RemainAfterExit does not work well when triggered with timer because it executes both ExecStart and ExecStop commands and puts duplicate entries in the log.

Then, does any part of systemd (package) react to plugging and unplugging DC jack into a laptop?

[1] http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html
[2] https://wiki.archlinux.org/index.php/Power_management#Sleep_hooks

-- 
It was a great pleasure.            --- Rurku. --- ...
>Łukasz<---     It's good that you are listening to me.
Re: [systemd-devel] [PATCH] .gitignore: add GNU GLOBAL files
It was 2015-05-15 Fri 18:36, when Dimitri John Ledkov wrote:
On 15 May 2015 at 17:19, Łukasz Stelmach l.stelm...@samsung.com wrote:
It was 2015-05-15 Fri 18:03, when Lennart Poettering wrote:
On Fri, 15.05.15 17:39, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
It was 2015-05-15 Fri 17:25, when Lennart Poettering wrote:
On Fri, 15.05.15 17:12, Łukasz Stelmach (l.stelm...@samsung.com) wrote:

Hmm? What is GNU GLOBAL?

Another cscope. A quote from http://www.gnu.org/software/global/

--8<---cut here---start->8---
GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. You can locate various objects, such as functions, macros, structs, classes, in your source files and move there easily.
[...]
--8<---cut here---end--->8---

The index files should not appear in git status.

And is that tool even popular?

Admittedly not the most popular but noticeable.

https://qa.debian.org/popcon-graph.php?packages=cscope%2Cglobal%2Cexuberant-ctagsshow_installed=onwant_percent=onwant_legend=onwant_ticks=onfrom_date=2010-01-01to_date=hlght_date=date_fmt=%25Y-%25mbeenhere=1

With my Debian Developer hat on... popcon is not a metric... We mostly still have it as a trap - whenever popcon used as a reason it is shot down as invalid =)

Let's say that I considered popcon data rather binarily: x ε ? 1 : 0 ;-)

[...]

Imho .gitignore should only be used to clean-up ignore by products that a given project generates, the rest IDE cruft is to be ignored on per user cases in a global excludes file as I've shown earlier.

Thank you for the hint. I haven't remembered that option.

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] [PATCH] .gitignore: add GNU GLOBAL files
--- .gitignore | 4 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index f550950..d2f1a1f 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,10 @@ /*.tar.xz /Makefile /TAGS +/GPATH +/GRTAGS +/GSYMS +/GTAGS /accelerometer /ata_id /bootctl -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
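Review bot: the four new entries are inserted after /TAGS, but the surrounding context (/*.tar.xz, /Makefile, /TAGS, /accelerometer) is in ASCII order, so /GPATH, /GRTAGS, /GSYMS and /GTAGS belong before /Makefile. The patch also carries no description; a line in the commit message naming the tool that writes these four files would let a reader judge whether they belong in the tracked .gitignore or in a per-user excludes file.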
Re: [systemd-devel] [PATCH] .gitignore: add GNU GLOBAL files
It was 2015-05-15 pią 17:25, when Lennart Poettering wrote: On Fri, 15.05.15 17:12, Łukasz Stelmach (l.stelm...@samsung.com) wrote: Hmm? What is GNU GLOBAL? Another cscope. A quote from http://www.gnu.org/software/global/ --8---cut here---start-8--- GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. You can locate various objects, such as functions, macros, structs, classes, in your source files and move there easily. [...] --8---cut here---end---8--- The index files should not appear in git status. --- .gitignore | 4 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index f550950..d2f1a1f 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,10 @@ /*.tar.xz /Makefile /TAGS +/GPATH +/GRTAGS +/GSYMS +/GTAGS /accelerometer /ata_id /bootctl -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel Lennart -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics signature.asc Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] .gitignore: add GNU GLOBAL files
It was 2015-05-15 Fri 18:03, when Lennart Poettering wrote:
On Fri, 15.05.15 17:39, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
It was 2015-05-15 Fri 17:25, when Lennart Poettering wrote:
On Fri, 15.05.15 17:12, Łukasz Stelmach (l.stelm...@samsung.com) wrote:

Hmm? What is GNU GLOBAL?

Another cscope. A quote from http://www.gnu.org/software/global/

--8<---cut here---start->8---
GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. You can locate various objects, such as functions, macros, structs, classes, in your source files and move there easily.
[...]
--8<---cut here---end--->8---

The index files should not appear in git status.

And is that tool even popular?

Admittedly not the most popular but noticeable.

https://qa.debian.org/popcon-graph.php?packages=cscope%2Cglobal%2Cexuberant-ctagsshow_installed=onwant_percent=onwant_legend=onwant_ticks=onfrom_date=2010-01-01to_date=hlght_date=date_fmt=%25Y-%25mbeenhere=1

Thanks.

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] networkd: disable tmpfiles and sysusers bits associated with networkd
It was 2014-12-02 wto 00:35, when Lennart Poettering wrote: On Mon, 24.11.14 09:30, Łukasz Stelmach (l.stelm...@samsung.com) wrote: It was 2014-11-21 pią 21:36, when Lennart Poettering wrote: On Fri, 21.11.14 17:07, Łukasz Stelmach (l.stelm...@samsung.com) wrote: On a system configured without networkd and sysusers there still needs to be the unnecessary systemd-network user, otherwise systemd-tmpfiles fails to start. Move information associated with networkd in tmpfiles.d and sysusers.d to separate files. Do not install it if netwrorkd is not enabled. In principle looks OK, but I'd prefer if we would write this out with m4 (see etc.conf.m4) and keep it in the current files, rather than split this up in numerous files. Especially in the case of /run/systemd/netif this actually matters: if we split that out into its own tmpfiles snippet, then packagers would most likely put that in its own RPM/DEB if they split out those daemons. But this is not advisable in this case, as sd-network (which will eventually be a public API of libsystems) needs the directory to be around to install an inotify watch. If the directory doesn't exist, and the API is used it will fail entirely, which is suboptimal, given that networkd might be installed later on, and things should then just start to work. Will it be necessary for this directory to be owned by systemd-network even without networkd? Yes. If networkd is compile-time enable the dir should exist and be properly owned, even if it networkd is split off into a separate binary package and currently not installed. And what if the networkd is disabled? Does the directory must exist? Now if networkd is disabled /run/systemd/netif* are not in tmpfiles.d/systemd.conf. Is this correct? If these directories are (going to be) required even with networkd being compile-time disabled, who should own them? Your patch in the version Zbigniew commited looks correct in this regard! 
Then, I suppose the answers to the above questions are not crucial, however, I am still curious to know them. Kind regards, -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] networkd: disable tmpfiles and sysusers bits associated with networkd
It was 2014-12-02 wto 10:31, when Tom Gundersen wrote: On Tue, Dec 2, 2014 at 10:24 AM, Łukasz Stelmach l.stelm...@samsung.com wrote: It was 2014-12-02 wto 00:35, when Lennart Poettering wrote: On Mon, 24.11.14 09:30, Łukasz Stelmach (l.stelm...@samsung.com) wrote: It was 2014-11-21 pią 21:36, when Lennart Poettering wrote: On Fri, 21.11.14 17:07, Łukasz Stelmach (l.stelm...@samsung.com) wrote: On a system configured without networkd and sysusers there still needs to be the unnecessary systemd-network user, otherwise systemd-tmpfiles fails to start. Move information associated with networkd in tmpfiles.d and sysusers.d to separate files. Do not install it if networkd is not enabled. In principle looks OK, but I'd prefer if we would write this out with m4 (see etc.conf.m4) and keep it in the current files, rather than split this up in numerous files. Especially in the case of /run/systemd/netif this actually matters: if we split that out into its own tmpfiles snippet, then packagers would most likely put that in its own RPM/DEB if they split out those daemons. But this is not advisable in this case [...] Will it be necessary for this directory to be owned by systemd-network even without networkd? Yes. If networkd is compile-time enabled the dir should exist and be properly owned, even if networkd is split off into a separate binary package and currently not installed. And what if networkd is disabled? Must the directory exist? Now if networkd is disabled /run/systemd/netif* are not in tmpfiles.d/systemd.conf. Is this correct? No, if you disable networkd at compile-time the directory is not needed (and using the sd-network library will rightly fail). [...] My two cents. That gives about three with Lennart's ;-) Thanks. -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
[systemd-devel] [PATCH v3] build-sys: configure the list of system users, files and directories
Choose which system users defined in sysusers.d/systemd.conf and files or directories in tmpfiles.d/systemd.conf, should be provided depending on compile-time configuration. --- Makefile.am| 4 configure.ac | 2 ++ sysusers.d/.gitignore | 1 + sysusers.d/systemd.conf| 12 sysusers.d/systemd.conf.m4 | 20 tmpfiles.d/.gitignore | 3 ++- tmpfiles.d/systemd.conf| 32 tmpfiles.d/systemd.conf.m4 | 34 ++ 8 files changed, 63 insertions(+), 45 deletions(-) delete mode 100644 sysusers.d/systemd.conf create mode 100644 sysusers.d/systemd.conf.m4 delete mode 100644 tmpfiles.d/systemd.conf create mode 100644 tmpfiles.d/systemd.conf.m4 diff --git a/Makefile.am b/Makefile.am index 7ab1dea..fdd14e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5820,6 +5820,10 @@ src/%: src/%.m4 $(AM_V_at)$(MKDIR_P) $(dir $@) $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ +sysusers.d/%: sysusers.d/%.m4 + $(AM_V_at)$(MKDIR_P) $(dir $@) + $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ + tmpfiles.d/%: tmpfiles.d/%.m4 $(AM_V_at)$(MKDIR_P) $(dir $@) $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ diff --git a/configure.ac b/configure.ac index a4e91e3..6e0b5f3 100644 --- a/configure.ac +++ b/configure.ac @@ -975,6 +975,7 @@ have_timesyncd=no AC_ARG_ENABLE(timesyncd, AS_HELP_STRING([--disable-timesyncd], [disable timesync daemon])) if test x$enable_timesyncd != xno; then have_timesyncd=yes +M4_DEFINES=$M4_DEFINES -DENABLE_TIMESYNCD fi AM_CONDITIONAL(ENABLE_TIMESYNCD, [test $have_timesyncd = yes]) @@ -1064,6 +1065,7 @@ AC_ARG_ENABLE(networkd, AS_HELP_STRING([--disable-networkd], [disable networkd]) AS_IF([test x$enable_networkd != xno], [ AC_DEFINE(ENABLE_NETWORKD, 1, [Define if networkd support is to be enabled]) have_networkd=yes +M4_DEFINES=$M4_DEFINES -DENABLE_NETWORKD ]) AM_CONDITIONAL(ENABLE_NETWORKD, [test x$have_networkd = xyes]) diff --git a/sysusers.d/.gitignore b/sysusers.d/.gitignore index f7957a9..bb3aaaf 100644 --- a/sysusers.d/.gitignore +++ b/sysusers.d/.gitignore @@ -1 +1,2 @@ /basic.conf +/systemd.conf
diff --git a/sysusers.d/systemd.conf b/sysusers.d/systemd.conf deleted file mode 100644 index 95437b8..000 --- a/sysusers.d/systemd.conf +++ /dev/null @@ -1,12 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -g systemd-journal - - -u systemd-bus-proxy - systemd Bus Proxy -u systemd-network - systemd Network Management -u systemd-resolve - systemd Resolver -u systemd-timesync - systemd Time Synchronization diff --git a/sysusers.d/systemd.conf.m4 b/sysusers.d/systemd.conf.m4 new file mode 100644 index 000..23175de --- /dev/null +++ b/sysusers.d/systemd.conf.m4 @@ -0,0 +1,20 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +g systemd-journal - - +m4_ifdef(`ENABLE_KDBUS', +u systemd-bus-proxy - systemd Bus Proxy +)m4_dnl +m4_ifdef(`ENABLE_NETWORKD', +u systemd-network - systemd Network Management +)m4_dnl +m4_ifdef(`ENABLE_RESOLVED', +u systemd-resolve - systemd Resolver +)m4_dnl +m4_ifdef(`ENABLE_TIMESYNCD', +u systemd-timesync - systemd Time Synchronization +)m4_dnl diff --git a/tmpfiles.d/.gitignore b/tmpfiles.d/.gitignore index eb32315..4f0ecaa 100644 --- a/tmpfiles.d/.gitignore +++ b/tmpfiles.d/.gitignore @@ -1 +1,2 @@ -etc.conf +/etc.conf +/systemd.conf diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf deleted file mode 100644 index 9ca5ad2..000 --- a/tmpfiles.d/systemd.conf +++ /dev/null 
@@ -1,32 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See tmpfiles.d(5) for details - -d /run/user 0755 root root - -F! /run/utmp 0664 root utmp - - -d /run/systemd/ask-password 0755 root root - -d /run/systemd/seats 0755 root root - -d /run/systemd/sessions 0755 root root - -d /run/systemd/users 0755 root root - -d /run/systemd/machines 0755 root root - -d /run/systemd/shutdown 0755 root root - -d /run/systemd/netif 0755 systemd-network systemd-network - -d /run/systemd/netif/links 0755 systemd-network systemd-network - -d /run/systemd/netif/leases 0755 systemd-network systemd-network - - -d /run/log
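Review bot: sysusers.d/systemd.conf.m4 wraps the systemd-bus-proxy and systemd-resolve users in m4_ifdef(`ENABLE_KDBUS', ...) and m4_ifdef(`ENABLE_RESOLVED', ...), but the two configure.ac hunks only append -DENABLE_TIMESYNCD and -DENABLE_NETWORKD to M4_DEFINES. Unless ENABLE_KDBUS and ENABLE_RESOLVED already reach m4 through configure.ac code that this patch does not show, both users are silently dropped from the generated sysusers.d/systemd.conf even when those features are built. Add the matching M4_DEFINES lines next to the kdbus and resolved checks, or state in the commit message where those defines come from.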
[systemd-devel] [PATCH] journal-remote: do not install tmpfiles and sysusers files by default
Change-Id: I5cbbcec134f52267ac4841b7d8f14d341a2d2184 Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- Makefile.am | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1674f61..cf21563 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2036,7 +2036,6 @@ nodist_tmpfiles_DATA = \ dist_tmpfiles_DATA = \ tmpfiles.d/systemd.conf \ tmpfiles.d/systemd-nologin.conf \ - tmpfiles.d/systemd-remote.conf \ tmpfiles.d/tmp.conf \ tmpfiles.d/x11.conf \ tmpfiles.d/var.conf @@ -2091,8 +2090,7 @@ SYSINIT_TARGET_WANTS += \ systemd-sysusers.service dist_sysusers_DATA = \ - sysusers.d/systemd.conf \ - sysusers.d/systemd-remote.conf + sysusers.d/systemd.conf nodist_sysusers_DATA = \ sysusers.d/basic.conf @@ -3834,6 +3832,16 @@ systemd_journal_remote_CFLAGS = \ systemd_journal_remote_LDADD += \ $(MICROHTTPD_LIBS) +if ENABLE_SYSUSERS +dist_sysusers_DATA += \ + sysusers.d/systemd-remote.conf +endif + +if ENABLE_TMPFILES +dist_tmpfiles_DATA += \ + tmpfiles.d/systemd-remote.conf +endif + if HAVE_GNUTLS systemd_journal_remote_LDADD += \ $(GNUTLS_LIBS) -- 1.9.1
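Review bot: the commit message gives no rationale and does not say under which condition the two snippets are now installed, while the new if ENABLE_SYSUSERS and if ENABLE_TMPFILES blocks in the last hunk sit in the middle of the systemd_journal_remote_* definitions, so whether they are additionally guarded by the journal-remote build conditional depends on context the hunk does not show. State the intended condition in the message (the subject says "by default", the hunk makes it depend on the sysusers and tmpfiles switches), and confirm that a build without journal-remote no longer installs sysusers.d/systemd-remote.conf and tmpfiles.d/systemd-remote.conf.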
Re: [systemd-devel] [PATCH] journal-remote: do not install tmpfiles and sysusers files by default
It was 2014-11-27 czw 06:32, when Zbigniew Jędrzejewski-Szmek wrote: On Wed, Nov 26, 2014 at 09:17:50AM +0100, Łukasz Stelmach wrote: Change-Id: I5cbbcec134f52267ac4841b7d8f14d341a2d2184 Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com I removed those lines... Sure, thanks. -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
[systemd-devel] [PATCH v2] networkd: disable tmpfiles and sysusers bits associated with networkd
On a system configured without networkd and sysusers there still needs to be the unnecessary systemd-network user, otherwise systemd-tmpfiles fails to start. Use m4 to include information associated with networkd in tmpfiles.d and sysusers.d conditionally. Do not install it if networkd is not enabled. --- Makefile.am| 4 configure.ac | 1 + sysusers.d/.gitignore | 1 + sysusers.d/systemd.conf| 12 sysusers.d/systemd.conf.m4 | 14 ++ tmpfiles.d/.gitignore | 3 ++- tmpfiles.d/systemd.conf| 32 tmpfiles.d/systemd.conf.m4 | 34 ++ 8 files changed, 56 insertions(+), 45 deletions(-) delete mode 100644 sysusers.d/systemd.conf create mode 100644 sysusers.d/systemd.conf.m4 delete mode 100644 tmpfiles.d/systemd.conf create mode 100644 tmpfiles.d/systemd.conf.m4 diff --git a/Makefile.am b/Makefile.am index fae946a..69d9c9e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5821,6 +5821,10 @@ src/%: src/%.m4 $(AM_V_at)$(MKDIR_P) $(dir $@) $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ +sysusers.d/%: sysusers.d/%.m4 + $(AM_V_at)$(MKDIR_P) $(dir $@) + $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ + tmpfiles.d/%: tmpfiles.d/%.m4 $(AM_V_at)$(MKDIR_P) $(dir $@) $(AM_V_M4)$(M4) -P $(M4_DEFINES) $ $@ diff --git a/configure.ac b/configure.ac index c3b4ea3..5ec2e6c 100644 --- a/configure.ac +++ b/configure.ac @@ -1050,6 +1050,7 @@ AC_ARG_ENABLE(networkd, AS_HELP_STRING([--disable-networkd], [disable networkd]) AS_IF([test x$enable_networkd != xno], [ AC_DEFINE(ENABLE_NETWORKD, 1, [Define if networkd support is to be enabled]) have_networkd=yes +M4_DEFINES=$M4_DEFINES -DENABLE_NETWORKD ]) AM_CONDITIONAL(ENABLE_NETWORKD, [test x$have_networkd = xyes]) diff --git a/sysusers.d/.gitignore b/sysusers.d/.gitignore index f7957a9..bb3aaaf 100644 --- a/sysusers.d/.gitignore +++ b/sysusers.d/.gitignore @@ -1 +1,2 @@ /basic.conf +/systemd.conf diff --git a/sysusers.d/systemd.conf b/sysusers.d/systemd.conf deleted file mode 100644 index 95437b8..000 --- a/sysusers.d/systemd.conf +++ /dev/null
@@ -1,12 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -g systemd-journal - - -u systemd-bus-proxy - systemd Bus Proxy -u systemd-network - systemd Network Management -u systemd-resolve - systemd Resolver -u systemd-timesync - systemd Time Synchronization diff --git a/sysusers.d/systemd.conf.m4 b/sysusers.d/systemd.conf.m4 new file mode 100644 index 000..eeb13fb --- /dev/null +++ b/sysusers.d/systemd.conf.m4 @@ -0,0 +1,14 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +g systemd-journal - - +u systemd-bus-proxy - systemd Bus Proxy +m4_ifdef(`ENABLE_NETWORKD', +u systemd-network - systemd Network Management +)m4_dnl +u systemd-resolve - systemd Resolver +u systemd-timesync - systemd Time Synchronization diff --git a/tmpfiles.d/.gitignore b/tmpfiles.d/.gitignore index eb32315..4f0ecaa 100644 --- a/tmpfiles.d/.gitignore +++ b/tmpfiles.d/.gitignore @@ -1 +1,2 @@ -etc.conf +/etc.conf +/systemd.conf diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf deleted file mode 100644 index 9ca5ad2..000 --- a/tmpfiles.d/systemd.conf +++ /dev/null 
@@ -1,32 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See tmpfiles.d(5) for details - -d /run/user 0755 root root - -F! /run/utmp 0664 root utmp - - -d /run/systemd/ask-password 0755 root root - -d /run/systemd/seats 0755 root root - -d /run/systemd/sessions 0755 root root - -d /run/systemd/users 0755 root root - -d /run/systemd/machines 0755 root root - -d /run/systemd/shutdown 0755 root root - -d /run/systemd/netif 0755 systemd-network systemd-network - -d /run/systemd/netif/links 0755 systemd-network systemd-network - -d /run/systemd/netif/leases 0755 systemd-network systemd-network - - -d /run/log 0755 root root - - -z /run/log/journal 2755 root systemd-journal - - -Z /run/log/journal/%m ~2750 root systemd-journal - - - -z /var/log/journal 2755 root systemd-journal - - -z /var/log/journal/%m 2755 root systemd-journal - - - -d /var/lib/systemd 0755 root root - -d /var/lib/systemd/coredump 0755 root
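Review bot: Makefile.am only gains the sysusers.d/%: sysusers.d/%.m4 pattern rule (the diffstat shows four added lines and nothing else), while sysusers.d/systemd.conf and tmpfiles.d/systemd.conf turn into generated files that the .gitignore hunks now hide. If both are still listed in dist_sysusers_DATA and dist_tmpfiles_DATA, the release tarball ships output that reflects the configure options of whoever ran make dist, and the .m4 sources are not distributed at all. Move the two files to the nodist_ lists, add the .m4 files to EXTRA_DIST and the generated files to CLEANFILES.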
Re: [systemd-devel] [PATCH] networkd: disable tmpfiles and sysusers bits associated with networkd
It was 2014-11-21 pią 21:36, when Lennart Poettering wrote: On Fri, 21.11.14 17:07, Łukasz Stelmach (l.stelm...@samsung.com) wrote: On a system configured without networkd and sysusers there still needs to be the unnecessary systemd-network user, otherwise systemd-tmpfiles fails to start. Move information associated with networkd in tmpfiles.d and sysusers.d to separate files. Do not install it if networkd is not enabled. In principle looks OK, but I'd prefer if we would write this out with m4 (see etc.conf.m4) and keep it in the current files, rather than split this up in numerous files. Especially in the case of /run/systemd/netif this actually matters: if we split that out into its own tmpfiles snippet, then packagers would most likely put that in its own RPM/DEB if they split out those daemons. But this is not advisable in this case, as sd-network (which will eventually be a public API of libsystemd) needs the directory to be around to install an inotify watch. If the directory doesn't exist, and the API is used it will fail entirely, which is suboptimal, given that networkd might be installed later on, and things should then just start to work. Will it be necessary for this directory to be owned by systemd-network even without networkd? -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
[systemd-devel] [PATCH] networkd: disable tmpfiles and sysusers bits associated with networkd
On a system configured without networkd and sysusers there still needs to be the unnecessary systemd-network user, otherwise systemd-tmpfiles fails to start. Move information associated with networkd in tmpfiles.d and sysusers.d to separate files. Do not install it if networkd is not enabled. --- Alternatively the files may be prepared to be processed with M4, which may be useful to conditionally include lines for other optional services. Makefile.am | 10 ++ sysusers.d/systemd-networkd.conf | 8 sysusers.d/systemd.conf | 1 - tmpfiles.d/systemd-networkd.conf | 12 tmpfiles.d/systemd.conf | 3 --- 5 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 sysusers.d/systemd-networkd.conf create mode 100644 tmpfiles.d/systemd-networkd.conf diff --git a/Makefile.am b/Makefile.am index 3f9f3fa..8f0f290 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5164,6 +5164,16 @@ networkctl_LDADD = \ libsystemd-shared.la \ libsystemd-network.la +if ENABLE_TMPFILES +dist_tmpfiles_DATA += \ + tmpfiles.d/systemd-networkd.conf +endif + +if ENABLE_SYSUSERS +dist_sysusers_DATA += \ + sysusers.d/systemd-networkd.conf +endif + test_network_SOURCES = \ src/network/test-network.c diff --git a/sysusers.d/systemd-networkd.conf b/sysusers.d/systemd-networkd.conf new file mode 100644 index 000..208148d --- /dev/null +++ b/sysusers.d/systemd-networkd.conf @@ -0,0 +1,8 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +u systemd-network - systemd Network Management diff --git a/sysusers.d/systemd.conf b/sysusers.d/systemd.conf index 95437b8..3da0901 100644 --- a/sysusers.d/systemd.conf +++ b/sysusers.d/systemd.conf
@@ -7,6 +7,5 @@ g systemd-journal - - u systemd-bus-proxy - systemd Bus Proxy -u systemd-network - systemd Network Management u systemd-resolve - systemd Resolver u systemd-timesync - systemd Time Synchronization diff --git a/tmpfiles.d/systemd-networkd.conf b/tmpfiles.d/systemd-networkd.conf new file mode 100644 index 000..2419755 --- /dev/null +++ b/tmpfiles.d/systemd-networkd.conf @@ -0,0 +1,12 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +d /run/systemd/netif 0755 systemd-network systemd-network - +d /run/systemd/netif/links 0755 systemd-network systemd-network - +d /run/systemd/netif/leases 0755 systemd-network systemd-network - diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf index 9ca5ad2..57fc261 100644 --- a/tmpfiles.d/systemd.conf +++ b/tmpfiles.d/systemd.conf @@ -16,9 +16,6 @@ d /run/systemd/sessions 0755 root root - d /run/systemd/users 0755 root root - d /run/systemd/machines 0755 root root - d /run/systemd/shutdown 0755 root root - -d /run/systemd/netif 0755 systemd-network systemd-network - -d /run/systemd/netif/links 0755 systemd-network systemd-network - -d /run/systemd/netif/leases 0755 systemd-network systemd-network - d /run/log 0755 root root - -- 1.9.1
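Review bot: tmpfiles.d/systemd-networkd.conf is installed under if ENABLE_TMPFILES alone, yet each of its three lines names systemd-network as owner and group, and that user is only created by sysusers.d/systemd-networkd.conf, which the Makefile.am hunk gates on ENABLE_SYSUSERS. With tmpfiles enabled and sysusers disabled the failure the commit message describes (systemd-tmpfiles failing on a missing user) is still reachable whenever the snippet is installed. Say in the commit message that the packager must then provide the user by other means, or add a comment to that effect at the top of the new tmpfiles snippet.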
[systemd-devel] [BUG] too many rfkill services
Hi. Recently, after I had found an update for my BIOS, my desktop started to resume properly (before I could only suspend it). Kernel and systemd do their jobs fine. But they seem to have a problem cooperating. For the record I use systemd 215, which means that the issue I describe here may have been fixed already.

After several suspend/resumes systemctl shows more than three dozen rfkill devices even though I've got only one BT and one WLAN.

--8---cut here---start-8---
systemd-rfkill@rfkill0.service loaded active exited Load/Save RF Kill Switch Status of rfkill0
systemd-rfkill@rfkill1.service loaded active exited Load/Save RF Kill Switch Status of rfkill1
systemd-rfkill@rfkill2.service loaded active exited Load/Save RF Kill Switch Status of rfkill4
systemd-rfkill@rfkill3.service loaded active exited Load/Save RF Kill Switch Status of rfkill4
[...]
systemd-rfkill@rfkill37.service loaded active exited Load/Save RF Kill Switch Status of rfkill37
--8---cut here---end---8---

Indeed currently available rfkill devices have rather high numbers.

--8---cut here---start-8---
total 0
lrwxrwxrwx 1 root root 0 11-18 17:13 rfkill36 -> ../../devices/pci:00/:00:1a.0/usb3/3-1/3-1:1.0/bluetooth/hci0/rfkill36
lrwxrwxrwx 1 root root 0 11-18 17:13 rfkill37 -> ../../devices/pci:00/:00:1a.7/usb1/1-3/1-3:1.0/ieee80211/phy13/rfkill37
--8---cut here---end---8---

State files in /var/lib/systemd/rfkill look a bit odd too.

--8---cut here---start-8---
total 16
-rw-r--r-- 1 root root 2 11-07 17:36 pci-:00:1a.0-usb-0:1:1.0:hci0
-rw-r--r-- 1 root root 2 11-07 17:36 pci-:00:1a.7-usb-0:3:1.0:phy0
-rw-r--r-- 1 root root 2 11-02 13:00 pci-:00:1a.7-usb-0:3:1.0:phy1
-rw-r--r-- 1 root root 2 09-22 08:17 pci-:00:1a.7-usb-0:3:1.0:phy4
--8---cut here---end---8---

dmesg shows that the wlan phy gets a new number upon each resume.

--8---cut here---start-8---
[221310.762273] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
[221310.762451] ieee80211 phy11: hwaddr 00:15:af:64:2f:bf, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
[229361.374331] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
[229361.374505] ieee80211 phy12: hwaddr 00:15:af:64:2f:bf, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
[243400.372585] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
[243400.372761] ieee80211 phy13: hwaddr 00:15:af:64:2f:bf, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
--8---cut here---end---8---

Status of a stale rfkill service looks like this.

--8---cut here---start-8---
* systemd-rfkill@rfkill9.service - Load/Save RF Kill Switch Status of rfkill9
   Loaded: loaded (/usr/lib64/systemd/system/systemd-rfkill@.service; static)
   Active: active (exited) since nie 2014-11-09 19:31:27 CET; 1 weeks 1 days ago
     Docs: man:systemd-rfkill@.service(8)
  Process: 12818 ExecStart=/usr/lib/systemd/systemd-rfkill load %I (code=exited, status=0/SUCCESS)
 Main PID: 12818 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/system-systemd\x2drfkill.slice/systemd-rfkill@rfkill9.service
--8---cut here---end---8---

and stopping it yields the following messages

--8---cut here---start-8---
* systemd-rfkill@rfkill9.service - Load/Save RF Kill Switch Status of rfkill9
   Loaded: loaded (/usr/lib64/systemd/system/systemd-rfkill@.service; static)
   Active: failed (Result: exit-code) since Tue 2014-11-18 18:24:02 CET; 21s ago
     Docs: man:systemd-rfkill@.service(8)
  Process: 4860 ExecStop=/usr/lib/systemd/systemd-rfkill save %I (code=exited, status=1/FAILURE)
  Process: 12818 ExecStart=/usr/lib/systemd/systemd-rfkill load %I (code=exited, status=0/SUCCESS)
 Main PID: 12818 (code=exited, status=0/SUCCESS)

Nov 18 18:24:02 kotik systemd[1]: Stopping Load/Save RF Kill Switch Status of rfkill9...
Nov 18 18:24:02 kotik systemd[1]: systemd-rfkill@rfkill9.service: control process exited, code=exited status=1
Nov 18 18:24:02 kotik systemd[1]: Stopped Load/Save RF Kill Switch Status of rfkill9.
Nov 18 18:24:02 kotik systemd[1]: Unit systemd-rfkill@rfkill9.service entered failed state.
--8---cut here---end---8---

The actual issue as I see it is that systemd does not stop and remove rfkill services that refer to nonexistent devices.

Kind regards,
--
It was a pleasure. Łukasz
Your eyes like me and that will be my undoing (c)SNL
ADVERTISEMENT: http://ars-fabrica.eu/ handicraft shop
Re: [systemd-devel] statelessy system
It was 2014-10-31 pią 17:04, when Zbigniew Jędrzejewski-Szmek wrote: On Fri, Oct 31, 2014 at 02:06:37PM +0100, Łukasz Stelmach wrote: My question: is v217 ready to run without /etc/systemd/*.conf and read them from /usr/lib/systemd where I (vendor) can put properly tailored files? Hi Łukasz, if you look into those files, you'll see that they contain only comments. Indeed, however, that only means systemd's got sane defaults. What if I want to provide some distro-wide configuration that is different from yours? -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
Re: [systemd-devel] statelessy system
It was 2014-11-02 nie 19:06, when Lennart Poettering wrote: On Fri, 31.10.14 14:06, Łukasz Stelmach (l.stelm...@samsung.com) wrote: Hello. I am working to upgrade systemd in Tizen to v217 from v212. To verify rpm packages we use rpmlint with some rules from opensuse[1]. For whatever reason v217 package exceeds allowed badness because it puts config files (system.conf, journald.conf etc) in /etc/systemd. The check [2] forbids putting anything in there and it seems to go along well with the stateless system goal of systemd. My question: is v217 ready to run without /etc/systemd/*.conf and read them from /usr/lib/systemd where I (vendor) can put properly tailored files? Yes, /etc/systemd is unnecessary for booting. If you find any of our tools not working if /etc/systemd is removed it would be a bug. As I wrote in a message to Zbyszek, what if I want my distro defaults to be different than those (no matter they are sane) of yours? -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
[systemd-devel] statelessy system
Hello. I am working to upgrade systemd in Tizen to v217 from v212. To verify rpm packages we use rpmlint with some rules from opensuse[1]. For whatever reason v217 package exceeds allowed badness because it puts config files (system.conf, journald.conf etc) in /etc/systemd. The check [2] forbids putting anything in there and it seems to go along well with the stateless system goal of systemd. My question: is v217 ready to run without /etc/systemd/*.conf and read them from /usr/lib/systemd where I (vendor) can put properly tailored files? [1] https://github.com/openSUSE/rpmlint-checks [2] https://github.com/openSUSE/rpmlint-checks/blob/master/CheckFilelist.py#L279 -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
[systemd-devel] [PATCH] Add timesync-wait tool
--- src/timesync/timesync-wait.c | 43 +++ 1 file changed, 43 insertions(+) create mode 100644 src/timesync/timesync-wait.c I am afraid TFD_TIMER_CANCEL_ON_SET doesn't help much here. You can watch for time changes but it is not the moment adjtimex() starts to return TIME_OK and STA_UNSYNC flag unset. Where would you like this to be patched in? diff --git a/src/timesync/timesync-wait.c b/src/timesync/timesync-wait.c new file mode 100644 index 000..9648b09 --- /dev/null +++ b/src/timesync/timesync-wait.c @@ -0,0 +1,43 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2014 Łukasz Stelmach + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see http://www.gnu.org/licenses/. +***/ + +#include string.h +#include sys/timex.h +#include unistd.h +#include stdio.h + +int main(int argc, char *argv[]) { +struct timex tbuf; +int r; + +memset(tbuf, 0, sizeof(tbuf)); +r = adjtimex(tbuf); + +while (r != TIME_OK) { +sleep(1); +/* Unfortunately there seem to be no other way than +polling to get this information. */ +memset(tbuf, 0, sizeof(tbuf)); +r = adjtimex(tbuf); +} + +return 0; +} -- 2.0.4
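Review bot: the while (r != TIME_OK) loop in main() treats every other adjtimex() return value as "not synchronised yet", which includes -1 on failure (the loop then never ends) and the leap-second states TIME_INS, TIME_DEL, TIME_OOP and TIME_WAIT, in which the clock is synchronised. Exit with an error when r is negative, and base the decision on the STA_UNSYNC bit in tbuf.status, the condition the cover text itself names, rather than on r alone. A timeout argument would also keep a caller from waiting indefinitely on a machine that never reaches a time server; argc, argv and the stdio.h include are currently unused.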
Re: [systemd-devel] [PATCH] core: mount only 4 partition in mount_setup_early()
It was 2014-08-06 śro 14:53, when Sangjung Woo wrote: systemd doesn't mount smackfs if systemd was compiled without Smack support. However, the number of mount point entry in mount_setup_early() (i.e. N_EARLY_MOUNT) is 5 since smackfs is included. N_EARLY_MOUNT should be 4 because currently smackfs is optional. Signed-off-by: Sangjung Woo sangjung@samsung.com --- src/core/mount-setup.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 206f89a..f15647b 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c 
@@ -64,7 +64,7 @@ typedef struct MountPoint { /* The first three entries we might need before SELinux is up. The * fourth (securityfs) is needed by IMA to load a custom policy. The * other ones we can delay until SELinux and IMA are loaded. */ -#define N_EARLY_MOUNT 5 +#define N_EARLY_MOUNT 4 AFAIR smackfs needs to be one of those early mounted. At least that is what ffbd2c4d suggests. static const MountPoint mount_table[] = { { sysfs, /sys, sysfs, NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, As strange as it may seem this is not a bug (at least it doesn't seem to hurt). In the mount_setup_early() function there is this for() loop: for (i = 0; i < N_EARLY_MOUNT; i ++) { which means when it iterates the mount_table[] static const MountPoint mount_table[] = { { sysfs, /sys, [...]}, { proc, /proc, [...]}, { devtmpfs, /dev, [...]}, { securityfs, /sys/kernel/security, [...]}, #ifdef HAVE_SMACK, { smackfs,/sys/fs/smackfs, [...]}, { tmpfs, /dev/shm, [...]}, #endif, { tmpfs, /dev/shm, [...]}, [...] }; with Smack *enabled*, it attempts to mount: /sys (0), /proc (1), /dev (2), /sys/kernel/security (3), /sys/fs/smackfs (4). Then it stops. Without HAVE_SMACK and N_EARLY_MOUNT equal to 5 the last filesystem mounted is /dev/shm which wasn't mounted before ffbd2c4d but if it is it doesn't cause any problems, does it? If you really do not want to mount /dev/shm enclose the definition of N_EARLY_MOUNT as 5 in ifdef on HAVE_SMACK and set it to 4 without Smack. -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics
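The index-based selection discussed in the message above, modelled as an added example (not systemd's code and not part of the original message). The reduced MountPoint struct, the `early` flag and both helper names are assumptions made for illustration; the two tables stand for the builds with and without HAVE_SMACK, and the flag variant goes beyond the thread by tying "early" to the entry instead of to its position.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reduced stand-in for systemd's MountPoint. `early` is a hypothetical
 * per-entry flag; the real table selects early mounts by position only. */
typedef struct {
        const char *what;
        const char *where;
        int early;
} MountPoint;

#define ELEMENTSOF(a) (sizeof(a) / sizeof((a)[0]))

/* Table contents when HAVE_SMACK is defined. */
static const MountPoint table_with_smack[] = {
        { "sysfs",      "/sys",                 1 },
        { "proc",       "/proc",                1 },
        { "devtmpfs",   "/dev",                 1 },
        { "securityfs", "/sys/kernel/security", 1 },
        { "smackfs",    "/sys/fs/smackfs",      1 },
        { "tmpfs",      "/dev/shm",             0 }, /* Smack-labelled variant */
        { "tmpfs",      "/dev/shm",             0 },
};

/* Table contents when HAVE_SMACK is not defined: the #ifdef block is gone,
 * so every later entry moves up by two positions. */
static const MountPoint table_without_smack[] = {
        { "sysfs",      "/sys",                 1 },
        { "proc",       "/proc",                1 },
        { "devtmpfs",   "/dev",                 1 },
        { "securityfs", "/sys/kernel/security", 1 },
        { "tmpfs",      "/dev/shm",             0 },
};

/* Positional selection, as in the for() loop quoted in the thread:
 * returns the mount point of the last entry mounted early. */
static const char *last_early_by_index(const MountPoint *t, size_t n, size_t n_early) {
        const char *last = NULL;
        size_t i;

        for (i = 0; i < n_early && i < n; i++)
                last = t[i].where;
        return last;
}

/* Flag-based selection: the result cannot drift when an #ifdef removes
 * entries. Returns the number of early entries, stores the last one. */
static size_t count_early_by_flag(const MountPoint *t, size_t n, const char **last) {
        size_t i, k = 0;

        *last = NULL;
        for (i = 0; i < n; i++)
                if (t[i].early) {
                        k++;
                        *last = t[i].where;
                }
        return k;
}

int main(void) {
        const char *last;
        size_t k;

        printf("N=5, Smack:    last early mount %s\n",
               last_early_by_index(table_with_smack, ELEMENTSOF(table_with_smack), 5));
        printf("N=5, no Smack: last early mount %s\n",
               last_early_by_index(table_without_smack, ELEMENTSOF(table_without_smack), 5));
        k = count_early_by_flag(table_without_smack, ELEMENTSOF(table_without_smack), &last);
        printf("flag, no Smack: %zu early mounts, last %s\n", k, last);
        return 0;
}
```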
[systemd-devel] [RFC][PATCH] socket: show full instance name in services' description
Change the way socket activated services are instantiated so that the full instance name with addresses of both parties and not only the counter make it into units' descriptions visible in the journal. --- src/core/socket.c | 23 +-- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/core/socket.c b/src/core/socket.c index c58a7f0..f15400b 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -180,7 +180,7 @@ static int socket_arm_timer(Socket *s) { socket_dispatch_timer, s); } -static int socket_instantiate_service(Socket *s) { +static int socket_instantiate_service(Socket *s, char* n) { _cleanup_free_ char *prefix = NULL; _cleanup_free_ char *name = NULL; int r; @@ -199,11 +199,15 @@ static int socket_instantiate_service(Socket *s) { assert(s-accept); prefix = unit_name_to_prefix(UNIT(s)-id); -if (!prefix) -return -ENOMEM; +if (n == NULL || *n == '\0') { +if (!(prefix = unit_name_to_prefix(UNIT(s)-id))) +return -ENOMEM; -if (asprintf(name, %s@%u.service, prefix, s-n_accepted) 0) -return -ENOMEM; +r = asprintf(name, %s@%u.service, prefix, s-n_accepted); +if (r 0) +return -ENOMEM; +} else +name = strdup(n); r = manager_load_unit(UNIT(s)-manager, name, NULL, NULL, u); if (r 0) @@ -1080,7 +1084,7 @@ static int socket_open_fds(Socket *s) { if (!know_label) { -r = socket_instantiate_service(s); +r = socket_instantiate_service(s, NULL); if (r 0) return r; @@ -1092,6 +1096,8 @@ static int socket_open_fds(Socket *s) { } know_label = true; +if (s-accept) +unit_ref_unset(s-service); } r = socket_address_listen( @@ -1730,9 +1736,6 @@ static void socket_enter_running(Socket *s, int cfd) { return; } -r = socket_instantiate_service(s); -if (r 0) -goto fail; r = instance_from_socket(cfd, s-n_accepted, instance); if (r 0) {
@@ -1757,7 +1760,7 @@ static void socket_enter_running(Socket *s, int cfd) { goto fail; } -r = unit_add_name(UNIT_DEREF(s-service), name); +r = socket_instantiate_service(s, name); if (r 0) goto fail; -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
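Review bot: In the @@ -199,11 +199,15 @@ hunk of socket_instantiate_service(), the result of "name = strdup(n);" is never checked, so an allocation failure is handed to manager_load_unit() instead of returning -ENOMEM as the asprintf() branch does. The same hunk keeps the context line that assigns prefix from unit_name_to_prefix() and then assigns it a second time inside the new if, which overwrites the first allocation before _cleanup_free_ can release it; one of the two calls should go. The new parameter is only read, so "const char *n" fits better, and a short comment stating that a NULL or empty n selects the counter-based name would document the two modes.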
Re: [systemd-devel] [PATCH] journald: collect process data from socket data
It was 2014-06-01 nie 07:52, when Lennart Poettering wrote:
> On Fri, 30.05.14 12:45, Piotr Wilczek (p.wilc...@samsung.com) wrote:
>
>> This patch adds possibility for journal to get process data from
>> socket data (if available) instead of from procfs. Additionally a new
>> procinfo structure is added to store all process data in single place.
>> This data include credentials and status.
>>
>> To enable this functionality, SO_PASSPROC socket option must be set.
>> This option is introduced in:
>> http://lwn.net/Articles/600564/
>
> I really *love* this work! It would be fantastic if we could get this
> done.
>
> Hmm, I am not seeing that SO_PASSPROC is actually turned on in this
> patch? Am I missing something?
>
> This really needs to be an option that can be turned on from the
> sending side, otherwise it would be only half as useful...

sending side? Do you mean a daemon has to turn it on? IMHO it is
systemd's job to set up a socket for service to log to, or journald's
job to request this info to be passed to it. What am I missing?

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] journald: collect process data from socket data
It was 2014-05-30 pią 14:13, when Michal Sekletar wrote:
> On Fri, May 30, 2014 at 12:45:21PM +0200, Piotr Wilczek wrote:
>> This patch adds possibility for journal to get process data from
>> socket data (if available) instead of from procfs. Additionally a new
>> procinfo structure is added to store all process data in single place.
>> This data include credentials and status.
>>
>> To enable this functionality, SO_PASSPROC socket option must be set.
>> This option is introduced in:
>> http://lwn.net/Articles/600564/
>>
>> With this patch journald cpu usage is decreased by about 20%
>>
>> Signed-off-by: Piotr Wilczek p.wilc...@samsung.com
>> ---
>
> Thanks for moving this forward! I hope your attempt will go through
> David's review.
>
> I know that flag was suggested by Kay, but isn't there a nicer way how
> to expose this to userspace given that in man 7 unix is written
> following:
>
> "For historical reasons these socket options are specified with a
> SOL_SOCKET type even though they are AF_UNIX specific."
>
> AFAIK we had only SO_PASSCRED and your patchset adds one more.

IMHO there is nothing wrong with SO_PASSPROC being a socket option.
There is no better SOL_ (grep -r define.*SOL_ /usr/include/) than
SOL_SOCKET and I am not sure we need to introduce one now.

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
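Added example, not part of the thread and not journald's code: SO_PASSPROC is only a proposal here, so this uses the existing SO_PASSCRED option named in the two messages above to show that credential passing on an AF_UNIX socket is enabled by the receiving end, with the sender doing nothing special. The socketpair, the payload and the names recv_with_creds() and demo_sender_pid() are constructed for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for struct ucred and SCM_CREDENTIALS */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* glibc hides both names when _GNU_SOURCE was not in effect for the first
 * system header; these are the Linux values and layout. */
#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02
struct ucred { pid_t pid; uid_t uid; gid_t gid; };
#endif

/* Receive one datagram and copy the kernel-supplied sender credentials to
 * *out. Returns the payload length, or -1 with errno set: ENOMSG when no
 * SCM_CREDENTIALS message was attached, EMSGSIZE when control data was cut. */
static ssize_t recv_with_creds(int fd, void *buf, size_t len, struct ucred *out) {
        union {
                struct cmsghdr align;
                char space[CMSG_SPACE(sizeof(struct ucred))];
        } control;
        struct iovec iov = { .iov_base = buf, .iov_len = len };
        struct msghdr msg = {
                .msg_iov = &iov,
                .msg_iovlen = 1,
                .msg_control = control.space,
                .msg_controllen = sizeof(control.space),
        };
        struct cmsghdr *cmsg;
        ssize_t n;

        memset(&control, 0, sizeof(control));
        n = recvmsg(fd, &msg, 0);
        if (n < 0)
                return -1;
        if (msg.msg_flags & MSG_CTRUNC) {
                errno = EMSGSIZE;
                return -1;
        }
        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
                if (cmsg->cmsg_level == SOL_SOCKET &&
                    cmsg->cmsg_type == SCM_CREDENTIALS &&
                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
                        /* Filled in by the kernel, not by the sender's payload. */
                        memcpy(out, CMSG_DATA(cmsg), sizeof(*out));
                        return n;
                }
        errno = ENOMSG;
        return -1;
}

/* Constructed demo: sv[0] plays the log receiver, sv[1] the logging service.
 * pass_cred selects whether the receiver enables SO_PASSCRED.
 * Returns the sender PID reported by the kernel, 0 when no credentials were
 * attached, -1 on any other error. */
static long demo_sender_pid(int pass_cred) {
        static const char payload[] = "<14>constructed log line";
        struct ucred cred;
        char buf[64];
        int sv[2], on = 1;
        long result = -1;

        if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0, sv) < 0)
                return -1;
        /* Only the receiving socket is configured; the sender is untouched. */
        if (pass_cred &&
            setsockopt(sv[0], SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0)
                goto out;
        if (send(sv[1], payload, sizeof(payload) - 1, 0) < 0)
                goto out;
        if (recv_with_creds(sv[0], buf, sizeof(buf), &cred) >= 0)
                result = (long) cred.pid;
        else if (errno == ENOMSG)
                result = 0;
out:
        close(sv[0]);
        close(sv[1]);
        return result;
}

int main(void) {
        printf("receiver set SO_PASSCRED: sender pid %ld (own pid %ld)\n",
               demo_sender_pid(1), (long) getpid());
        printf("receiver did not set it:  sender pid %ld\n", demo_sender_pid(0));
        return 0;
}
```

The PID arrives in ancillary data written by the kernel, so a receiver can rely on it in a way it cannot rely on anything a client writes into the log line itself.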
[systemd-devel] multiple cgroup hierarchies
Hello.

I've tried to update systemd to version 212 in Tizen. After I resolved
usual building problems and managed to make my device boot, I hit
a number of "Failed to create cgroup ..." messages. It took me some time
to find the reason (ah, the loveliness of parallel processing) which
appears to be a piece of software that tries to set up its own cgroup
hierarchy and destroys what systemd has done (definitely a bug).

However, I can see a problem with systemd too. At some point before
v212 Lennart decided[1] to lock /sys/fs/cgroup tmpfs instance mounting
it read-only to prevent some issues with shmem. However this commit also
prevents other processes from creating their own cgroup hierarchies.

My question is: is it deliberate? Is there (going to be?) a way for
third-party software to have their own cgroup hierarchies next to
systemd in /sys/fs/cgroup despite it being remounted read-only?

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=679142ce4a8def7da43c4d3b2a02bae8c0d21175

Kind regards,
--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
[systemd-devel] [PATCH] Check the right variable for failed open()
--- I am not quite sure but checking r in this if does not make much sense. src/core/cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 3aeaf56..29ab645 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -920,7 +920,7 @@ int manager_setup_cgroup(Manager *m) { safe_close(m-pin_cgroupfs_fd); m-pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK); -if (r 0) { +if (m-pin_cgroupfs_fd 0) { log_error(Failed to open pin file: %m); return -errno; } -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
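Review bot: In the manager_setup_cgroup() hunk the error path still calls log_error() before "return -errno", and the logging call may change errno, so the value returned can differ from the one open() failed with; save it into r before logging and return r. The explanation is written below the --- marker, so the commit would carry no message body; a sentence above the marker saying that the result of open() was never tested, because r is not assigned by that call, would make the fix self-explanatory.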
[systemd-devel] [PATCH] Add libkmod flags for test_rtnl_manual
--- Makefile.am | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) Without CFLAGS my gcc is unable to find linkmod.h. KMOD_LIBS just look better than -lkomd for me. diff --git a/Makefile.am b/Makefile.am index 0ad1729..6767a76 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1402,10 +1402,14 @@ test_ipcrm_LDADD = \ test_rtnl_manual_SOURCES = \ src/test/test-rtnl-manual.c +test_rtnl_manual_CFLAGS = \ + $(AM_CFLAGS) \ + $(KMOD_CFLAGS) + test_rtnl_manual_LDADD = \ libsystemd-internal.la \ libsystemd-shared.la \ - -lkmod + $(KMOD_LIBS) test_ellipsize_SOURCES = \ src/test/test-ellipsize.c -- 1.9.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
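Review bot: The rationale (gcc cannot find the kmod header without the extra CFLAGS) sits below the --- marker and is dropped when the patch is applied; move it into the commit message. In the Makefile.am hunk the test now depends on $(KMOD_CFLAGS) and $(KMOD_LIBS) being substituted, so if kmod support can be switched off at configure time the test_rtnl_manual rules should sit inside the same conditional that defines those variables, otherwise the test is built with both variables empty.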
Re: [systemd-devel] [PATCH] Do not cache use_smack() value unless /sys is mounted
It was 2014-03-11 wto 05:12, when Lennart Poettering wrote: On Fri, 28.02.14 17:09, Łukasz Stelmach (l.stelm...@samsung.com) wrote: use_smack() is called very early via mkdir_p_label(). This happens before /sys is mounted and hence before the authoritative information about smack is even available. To prevent caching of the invalid value check whether /sys/fs exists. Hmm, it appears to me that we probably shouldn't invoke mkdir_p_label() that early? Do you know which invocation this is? mount_one() called from mount_setup_early() at src/core/mount-setup.c It sounds really wrong trying to relabel a dir before the policy is actually loaded... mount_one() is used for both mount_setup() and mount_setup_early() and distinguishing them would look odd. --- src/shared/smack-util.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index df194e0..96f365c 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -33,6 +33,9 @@ bool use_smack(void) { #ifdef HAVE_SMACK static int use_smack_cached = -1; +if (use_smack_cached 0 access(/sys/fs/, F_OK) 0) +return false; + if (use_smack_cached 0) use_smack_cached = access(/sys/fs/smackfs/, F_OK) = 0; Lennart -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics pgpfRTSItQ0FA.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [BUG] debug logging is disabled at early stage
Hello All,

I am debugging some problems around mount_setup_early() and find that
systemd, with log_max_level set to LOG_INFO in log.c and configured
a hundred lines below in main.c, is unable to tell me things I'd like to
know. Just for today I can change log_max_level to LOG_DEBUG but it
seems this single throb should be configurable before anything may fail.

RFC?

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
[systemd-devel] [PATCH] Do not cache use_smack() value unless /sys is mounted
use_smack() is called very early via mkdir_p_label(). This happens before /sys is mounted and hence before the authoritative information about smack is even available. To prevent caching of the invalid value check whether /sys/fs exists. --- src/shared/smack-util.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index df194e0..96f365c 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -33,6 +33,9 @@ bool use_smack(void) { #ifdef HAVE_SMACK static int use_smack_cached = -1; +if (use_smack_cached 0 access(/sys/fs/, F_OK) 0) +return false; + if (use_smack_cached 0) use_smack_cached = access(/sys/fs/smackfs/, F_OK) = 0; -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
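Review bot: The added test in use_smack() treats the existence of /sys/fs as proof that sysfs is mounted, and nothing in the hunk says so; a comment above the new if should explain that the result must not be cached before /sys is mounted, since the two consecutive tests on use_smack_cached otherwise look redundant. The commit message should also say what happens when /sys/fs already exists as a plain directory on the root file system: in that case the first test passes, the smackfs probe fails and the negative answer is cached for the rest of the process lifetime, which is the situation the patch is meant to prevent.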
Re: [systemd-devel] [PATCH] Add -lresolv to libudev LIBADD
It was 2014-02-21 pią 16:22, when Lennart Poettering wrote:
> On Fri, 21.02.14 15:54, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
>
>> Fix problems with unresolved symbols when building on Ubuntu 12.04 x86_64.
>>
>> --8---cut here---start-8---
>> ./.libs/libudev.so: undefined reference to `__res_search'
>> ./.libs/libudev.so: undefined reference to `__res_query'
>> collect2: ld returned 1 exit status
>> --8---cut here---end---8---
>
> This doesn't look right. libudev really shouldn't need libresolv. We
> should figure out how these calls got pulled in...

Let me go step-by-step:

--8---cut here---start-8---
$ strings ./.libs/libudev.so | grep __res_'\(query\|search\)'
__res_query
__res_search
# libudev needs libsystemd-internal
$ strings ./.libs/libsystemd-internal.a | grep __res_'\(query\|search\)'
__res_query
__res_search
$ grep __res_query [list of objects used to build l-i.a]
Binary file src/libsystemd/sd-resolve/.libs/libsystemd_internal_la-sd-resolve.o matches
$ rm -f src/libsystemd/sd-resolve/libsystemd_internal_la-sd-resolve.lo \
  strace make src/libsystemd/sd-resolve/libsystemd_internal_la-sd-resolve.lo
$ grep __res_'\(query\|search\)' /usr/include/resolv.h
#define res_query __res_query
#define res_querydomain __res_querydomain
#define res_search __res_search
$ gcc -std=gnu99 [...]-E src/libsystemd/sd-resolve/sd-resolve.c -fPIC \
  -DPIC | grep __res_'\(query\|search\)'
void __res_close (void) __attribute__ ((__nothrow__ , __leaf__));
int __res_init (void) __attribute__ ((__nothrow__ , __leaf__));
int __res_isourserver (const struct sockaddr_in *) __attribute__ ((__nothrow__ , __leaf__));
int __res_mkquery (int, const char *, int, int, const u_char *, int, const u_char *, u_char *, int) __attribute__ ((__nothrow__ , __leaf__));
int __res_query (const char *, int, int, u_char *, int) __attribute__ ((__nothrow__ , __leaf__));
int __res_querydomain (const char *, const char *, int, int, u_char *, int) __attribute__ ((__nothrow__ , __leaf__));
int __res_search (const char *, int, int, u_char *, int) __attribute__ ((__nothrow__ , __leaf__));
int __res_send (const u_char *, int, u_char *, int) __attribute__ ((__nothrow__ , __leaf__));
# 327 "/usr/include/resolv.h" 3 4
int __res_hnok (const char *) __attribute__ ((__nothrow__ , __leaf__));
--
do { if ((__builtin_expect(!!(!(length == sizeof(ResRequest) + res_req->dname_len)),0))) log_assert_failed("length == sizeof(ResRequest) + res_req->dname_len", "src/libsystemd/sd-resolve/sd-resolve.c", 425, __PRETTY_FUNCTION__); } while (0);
dname = (const char *) req + sizeof(ResRequest);
if (req->type == REQUEST_RES_QUERY)
        ret = __res_query(dname, res_req->class, res_req->type, (unsigned char *) answer, 10240);
else
        ret = __res_search(dname, res_req->class, res_req->type, (unsigned char *) answer, 10240);
return send_res_reply(out_fd, req->id, (unsigned char *) answer, ret, (*__errno_location ()), (*__h_errno_location ()));
}
case REQUEST_TERMINATE:
--8---cut here---end---8---

There are defines in resolv.h which make res_query() and res_search()
be substituted with __res_.* versions. These do not look like Ubuntu
specific stuff[1].

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/resolv.h;h=53c3bba182be49ba0a2372ffba7920c016029ecd;hb=HEAD#l262

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] Add -lresolv to libudev LIBADD
It was 2014-02-21 pią 17:06, when Kay Sievers wrote:
> On Fri, Feb 21, 2014 at 4:58 PM, Łukasz Stelmach l.stelm...@samsung.com wrote:
>> It was 2014-02-21 pią 16:22, when Lennart Poettering wrote:
>>> On Fri, 21.02.14 15:54, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
>>>
>>>> Fix problems with unresolved symbols when building on Ubuntu 12.04 x86_64.
>>>>
>>>> --8---cut here---start-8---
>>>> ./.libs/libudev.so: undefined reference to `__res_search'
>>>> ./.libs/libudev.so: undefined reference to `__res_query'
>>>> collect2: ld returned 1 exit status
>>>> --8---cut here---end---8---
>>>
>>> This doesn't look right. libudev really shouldn't need libresolv. We
>>> should figure out how these calls got pulled in...
>>
>> Let me go step-by-step:
>>
>> --8---cut here---start-8---
>> $ strings ./.libs/libudev.so | grep __res_'\(query\|search\)'
>> __res_query
>> __res_search
>> # libudev needs libsystemd-internal
>> $ strings ./.libs/libsystemd-internal.a | grep __res_'\(query\|search\)'
>
> This does not seem to happen here. Are you sure that as-needed is
> working in your setup?

Stracing gcc linking libudev.so shows --as-needed interleaved with
--no-as-needed. This is how libudev.so.1.4.0 is created

--8---cut here---start-8---
/usr/bin/ld.bfd.real --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -shared -z relro -o .libs/libudev.so.1.4.0 /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. src/libudev/.libs/libudev_la-libudev.o src/libudev/.libs/libudev_la-libudev-list.o src/libudev/.libs/libudev_la-libudev-util.o src/libudev/.libs/libudev_la-libudev-device.o src/libudev/.libs/libudev_la-libudev-enumerate.o src/libudev/.libs/libudev_la-libudev-monitor.o src/libudev/.libs/libudev_la-libudev-queue.o src/libudev/.libs/libudev_la-libudev-hwdb.o --whole-archive ./.libs/libsystemd-internal.a ./.libs/libsystemd-shared.a --no-whole-archive -lrt -ldl --as-needed --no-undefined --gc-sections -z relro -z now --version-script=./src/libudev/libudev.sym -soname libudev.so.1 -lgcc --as-needed -lgcc_s --no-as-needed -lpthread -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o
--8---cut here---end---8---

Got it! --whole-archive before libsystemd-*.a that is!

--8---cut here---start-8---
$ git grep whole.archive
$ grep -rl whole.archive .
./autom4te.cache/output.2
./autom4te.cache/output.1
./autom4te.cache/output.0
./config.status
./build-aux/ltmain.sh
./configure
./m4/libtool.m4
./libtool
--8---cut here---end---8---

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd
It was 2014-02-19 śro 20:05, when Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 19, 2014 at 04:17:15PM +0100, Łukasz Stelmach wrote:
>> It was 2014-02-19 śro 16:05, when Zbigniew Jędrzejewski-Szmek wrote:
>>> On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
>>>> How to have support for more than one security fw reasonably compiled
>>>> in? (I think this is the moment to create the pattern).
>>>
>>> Why not? It would be rather constraining for a distribution which
>>> wants to support more than one. systemd should just perform the
>>> steps necessary for all compiled frameworks compiled in, silently
>>> ignoring failures coming from missing frameworks.
>>
>> [...]
>>
>> The most robust way for systemd is:
>>
>> 1) to check in runtime which frameworks are supported,
>
> We have use_selinux(), use_apparmor(), use_smack().
>
>> 2) to attempt an action for every one of them,
>> 3) to return an error if ANY of the actions fail.
>
> In general yes, but different frameworks need hooks in different
> places. So we generally insert a call to a function specific to a
> framework, and inside this function, a use_*() test is performed, and
> suitably, either nothing is done or the setup is performed. If an
> error happens, it is up to this function to decide whether silent
> failure, warning, or an error are warranted.

OK, how about this?

https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commitdiff;h=4879ed0a3b3942ed0188c2b5a5633f22847ebe76;hp=6300b3eca9e5261b73bd7f1bb9735992b127cd80

https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=blob;f=src/shared/label.c;h=89939217e3d9bce011c125b504978571e7b57c22;hb=4879ed0a3b3942ed0188c2b5a5633f22847ebe76

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] Set loaded_policy in smack_setup()
It was 2014-02-18 wto 17:51, when Lennart Poettering wrote:
> On Tue, 18.02.14 16:37, Schaufler, Casey (casey.schauf...@intel.com) wrote:
>
>>> -Original Message-
>>> From: Schaufler, Casey
>>> Sent: Tuesday, February 18, 2014 8:27 AM
>>> To: Lennart Poettering; Łukasz Stelmach
>>> Cc: systemd-devel@lists.freedesktop.org; Schaufler, Casey
>>> Subject: RE: [systemd-devel] [PATCH] Set loaded_policy in smack_setup()
>>>
>>>> -Original Message-
>>>> From: Lennart Poettering [mailto:lenn...@poettering.net]
>>>> Sent: Tuesday, February 18, 2014 8:19 AM
>>>> To: Łukasz Stelmach
>>>> Cc: Schaufler, Casey; systemd-devel@lists.freedesktop.org
>>>> Subject: Re: [systemd-devel] [PATCH] Set loaded_policy in smack_setup()
>>>>
>>>> On Tue, 18.02.14 14:39, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
>>>>
>>>>> Do you have any plans to push the commit[1] upstream?
>>>
>>> Commit[1] depends on a change to libsmack that is still under discussion.
>>> It shouldn't get pushed until the libsmack changes are in.
>>
>> Whoops! My mistake. There is no libsmack dependency. I misread the code.
>> This should be fine to take at some point.
>
> Ah, OK. Could you fix the issues I pointed out in that other mail then
> and rebase, please? Will merge them then!

I am working on it.

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [HEADS-UP] It's release time!
It was 2014-02-18 wto 03:26, when Lennart Poettering wrote:
> Heya!
>
> It's release time again! It has been more than 4 months now since the
> last release. That's kinda embarrassing, since we actually intended to
> go for a 2-3 week cycle... The big dbus transition took some time
> however.
>
> Anyway, I just finished a review of the git history, marked
> backportable fixes, and put together the NEWS.
>
> Kay, Zbigniew, Tom, David, Patrik, anything left to fix before I roll
> a release?
>
> I'd like to roll the release tomorrow (tuesday) or wednesday. Please
> have a closer look and test!

--8---cut here---start-8---
$ git checkout b67f562c9cac44bd78b24f5aae78a1797c5d4182
$ git clean -dfx
[...]
$ ./autogen.sh
[...]
$ ./configure
[...]
$ make
[...]
  CC src/libsystemd/sd-rtnl/libsystemd_la-rtnl-message.lo
src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_new_link':
src/libsystemd/sd-rtnl/rtnl-message.c:145:55: warning: declaration of 'index' shadows a global declaration [-Wshadow]
src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_new_addr':
src/libsystemd/sd-rtnl/rtnl-message.c:219:55: warning: declaration of 'index' shadows a global declaration [-Wshadow]
src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_append_u8':
src/libsystemd/sd-rtnl/rtnl-message.c:431:38: error: 'IFLA_CARRIER' undeclared (first use in this function)
src/libsystemd/sd-rtnl/rtnl-message.c:431:38: note: each undeclared identifier is reported only once for each function it appears in
src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_append_u32':
src/libsystemd/sd-rtnl/rtnl-message.c:514:38: error: 'IFLA_PROMISCUITY' undeclared (first use in this function)
src/libsystemd/sd-rtnl/rtnl-message.c:515:38: error: 'IFLA_NUM_TX_QUEUES' undeclared (first use in this function)
src/libsystemd/sd-rtnl/rtnl-message.c:516:38: error: 'IFLA_NUM_RX_QUEUES' undeclared (first use in this function)
make[2]: *** [src/libsystemd/sd-rtnl/libsystemd_la-rtnl-message.lo] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
--8---cut here---end---8---

I build on Ubuntu 12.04 so definitely something may be missing in my
system and I would like configure or README to tell me what I am
missing.

README says I need Linux kernel >= 3.0 (>= 3.8 for Smack). NEWS mentions
3.5 for /dev/kmsg. However, the undeclared symbols above seem to be
introduced later

- IFLA_CARRIER - v3.9
- IFLA_NUM_[RT]X_QUEUES - v3.6
- IFLA_PROMISCUITY - v3.5

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd
From: Casey Schaufler ca...@schaufler-ca.com Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessable to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Signed-off-by: Casey Schaufler casey.schauf...@intel.com Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- src/shared/label.c | 60 +--- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/shared/label.c b/src/shared/label.c index 4a26ba9..9a1916a 100644 --- a/src/shared/label.c +++ b/src/shared/label.c @@ -41,6 +41,48 @@ static struct selabel_handle *label_hnd = NULL; #endif +#ifdef HAVE_SMACK +#include sys/xattr.h +#include string.h +#define FLOOR_LABEL_ +#define STAR_LABEL * + +static void smack_relabel_in_dev(const char *path) { +struct stat sb; +const char *label; +int r; + +/* + * Path must be in /dev and must exist + */ +if (!path_equal(path, /dev) +!path_startswith(path, /dev)) +return; + +r = lstat(path, sb); +if (r 0) +return; + +/* + * Label directories and character devices *. + * Label symlinks _. + * Don't change anything else. + */ +if (S_ISDIR(sb.st_mode)) +label = STAR_LABEL; +else if (S_ISLNK(sb.st_mode)) +label = FLOOR_LABEL; +else if (S_ISCHR(sb.st_mode)) +label = STAR_LABEL; +else +return; + +r = setxattr(path, security.SMACK64, label, strlen(label), 0); +if (r 0) +log_error(Smack relabeling \%s\ %s, path, strerror(errno)); +return; +} +#endif int label_init(const char *prefix) { int r = 0; @@ -130,6 +172,9 @@ int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { r = security_getenforce() == 1 ? -errno : 0; } #endif +#ifdef HAVE_SMACK +smack_relabel_in_dev(path); +#endif return r; } @@ -204,6 +249,9 @@ int label_context_set(const char *path, mode_t mode) { if (r 0 security_getenforce() == 0) r = 0; #endif +#ifdef HAVE_SMACK +smack_relabel_in_dev(path); +#endif return r; } 
@@ -257,10 +305,10 @@ void label_free(const char *label) { } int label_mkdir(const char *path, mode_t mode) { +int r; -/* Creates a directory and labels it according to the SELinux policy */ #ifdef HAVE_SELINUX -int r; +/* Creates a directory and labels it according to the SELinux policy */ security_context_t fcon = NULL; if (!use_selinux() || !label_hnd) @@ -303,7 +351,13 @@ finish: skipped: #endif -return mkdir(path, mode) 0 ? -errno : 0; +r = mkdir(path, mode); +if (r) +return -errno; +#ifdef HAVE_SMACK +smack_relabel_in_dev(path); +#endif +return 0; } int label_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
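Review bot: In smack_relabel_in_dev() the file type is read with lstat() but the label is written with setxattr(), which follows symbolic links, so in the S_ISLNK branch the floor label ends up on the link target instead of the link; that branch needs lsetxattr(). The path is also resolved twice, once for lstat() and once for setxattr(), so an entry under /dev that is replaced between the two calls receives a label chosen for the old type; opening the entry once and using fstat() and fsetxattr() on the descriptor where the type allows it would close that window. The three call sites added in label_fix(), label_context_set() and label_mkdir() discard the outcome, so a failed relabel is only visible in the log.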
[systemd-devel] [PATCH v2 2/2] Set loaded_policy in smack_setup()
With loaded_policy set to true mount_setup() relabels /dev properly. Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- src/core/main.c|2 +- src/core/smack-setup.c |6 +- src/core/smack-setup.h |2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/core/main.c b/src/core/main.c index 7566b0a..9c88845 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1309,7 +1309,7 @@ int main(int argc, char *argv[]) { goto finish; if (ima_setup() 0) goto finish; -if (smack_setup() 0) +if (smack_setup(loaded_policy) 0) goto finish; dual_timestamp_get(security_finish_timestamp); } diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 611bfdb..a68605c 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -116,12 +116,14 @@ static int write_rules(const char* dstpath, const char* srcdir) { #endif -int smack_setup(void) { +int smack_setup(bool *loaded_policy) { #ifdef HAVE_SMACK int r; +assert(loaded_policy); + r = write_rules(/sys/fs/smackfs/load2, SMACK_CONFIG); switch(r) { case -ENOENT: @@ -163,6 +165,8 @@ int smack_setup(void) { return 0; } +*loaded_policy = true; + #endif return 0; diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h index ffe9184..8927096 100644 --- a/src/core/smack-setup.h +++ b/src/core/smack-setup.h @@ -23,4 +23,4 @@ along with systemd; If not, see http://www.gnu.org/licenses/. ***/ -int smack_setup(void); +int smack_setup(bool *loaded_policy); -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
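Review bot: The smack-setup.h hunk changes the prototype to take "bool *loaded_policy" without adding an include, so the header compiles only where <stdbool.h> happens to be pulled in first; include it in smack-setup.h. In smack_setup() the flag is written only on the final success path, while the earlier "return 0" cases in the switch leave *loaded_policy untouched, so the header should carry a comment saying that callers must initialise the variable and that it is set only when rules were actually written.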
Re: [systemd-devel] [PATCH v2 2/2] Set loaded_policy in smack_setup()
It was 2014-02-19 śro 14:31, when Lennart Poettering wrote: On Wed, 19.02.14 14:07, Łukasz Stelmach (l.stelm...@samsung.com) wrote: With loaded_policy set to true mount_setup() relabels /dev properly. Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com Patch looks good, but we don't do S-o-b in systemd. WRT the previous patch how should I describe it as Caysey's work mangled by me? --- src/core/main.c|2 +- src/core/smack-setup.c |6 +- src/core/smack-setup.h |2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/core/main.c b/src/core/main.c index 7566b0a..9c88845 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1309,7 +1309,7 @@ int main(int argc, char *argv[]) { goto finish; if (ima_setup() 0) goto finish; -if (smack_setup() 0) +if (smack_setup(loaded_policy) 0) goto finish; dual_timestamp_get(security_finish_timestamp); } diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 611bfdb..a68605c 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -116,12 +116,14 @@ static int write_rules(const char* dstpath, const char* srcdir) { #endif -int smack_setup(void) { +int smack_setup(bool *loaded_policy) { #ifdef HAVE_SMACK int r; +assert(loaded_policy); + r = write_rules(/sys/fs/smackfs/load2, SMACK_CONFIG); switch(r) { case -ENOENT: @@ -163,6 +165,8 @@ int smack_setup(void) { return 0; } +*loaded_policy = true; + #endif return 0; diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h index ffe9184..8927096 100644 --- a/src/core/smack-setup.h +++ b/src/core/smack-setup.h @@ -23,4 +23,4 @@ along with systemd; If not, see http://www.gnu.org/licenses/. ***/ -int smack_setup(void); +int smack_setup(bool *loaded_policy); Lennart -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics pgpyuDm5lyOFG.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd
It was 2014-02-19 śro 14:30, when Lennart Poettering wrote: On Wed, 19.02.14 14:07, Łukasz Stelmach (l.stelm...@samsung.com) wrote: From: Casey Schaufler ca...@schaufler-ca.com Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessable to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Signed-off-by: Casey Schaufler casey.schauf...@intel.com Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- src/shared/label.c | 60 +--- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/shared/label.c b/src/shared/label.c index 4a26ba9..9a1916a 100644 --- a/src/shared/label.c +++ b/src/shared/label.c 
@@ -41,6 +41,48 @@ static struct selabel_handle *label_hnd = NULL; #endif +#ifdef HAVE_SMACK +#include sys/xattr.h +#include string.h No includes in the middle of files please for normal API stuff. Also, these files are not smack-specific. In order to avoid superfluous #ifdefs, and to avoid uplicate inclusions later on, please just add these to the top of the file, and include string.h unconditionally, and xattr.h only if HAVE_XATTR is defined... +#define FLOOR_LABEL _ +#define STAR_LABEL * hmm, could we rename these to SMACK_LABEL_FLOOR and SMACK_LABEL_STAR? That way they have a namespaced common namespace. + +static void smack_relabel_in_dev(const char *path) { +struct stat sb; +const char *label; +int r; + +/* + * Path must be in /dev and must exist + */ +if (!path_equal(path, /dev) +!path_startswith(path, /dev)) +return; + +r = lstat(path, sb); +if (r 0) +return; + +/* + * Label directories and character devices *. + * Label symlinks _. + * Don't change anything else. + */ +if (S_ISDIR(sb.st_mode)) +label = STAR_LABEL; +else if (S_ISLNK(sb.st_mode)) +label = FLOOR_LABEL; +else if (S_ISCHR(sb.st_mode)) +label = STAR_LABEL; +else +return; + +r = setxattr(path, security.SMACK64, label, strlen(label), 0); +if (r 0) +log_error(Smack relabeling \%s\ %s, path, strerror(errno)); +return; This return is unnecessary... That said, I think it find it nicer if this call would actually return an error, so that the caller decides whether it wants to ignore it, not the function internally. Also, please move the #ifdef HAVE_SMACK checks inside of this function and make it a NOP on non-SMACK builds. That way we only have one #ifdef check for this and not one for each invocation of the function. The compiler should be smart away to suppress the function if it empty. I am not sure about that. 
If we want smack_relabel_in_dev() to return a value and call it from
label_fix()

--8---cut here---start-8---
int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
        int r = 0;

#ifdef HAVE_SELINUX
[...]
#endif
        smack_relabel_in_dev(path);
        return r;
}
--8---cut here---end---8---

then it seems better to write

--8---cut here---start-8---
#elif defined(HAVE_SMACK)
        r = smack_relabel_in_dev(path);
#endif
--8---cut here---end---8---

and be able to add support for a yet undetermined security framework
below assuming systemd can have support for only one fw compiled in.

How to have support for more than one security fw reasonably compiled
in? (I think this is the moment to create the pattern).

--
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
Re: [systemd-devel] [HEADS-UP] It's release time!
It was 2014-02-19 śro 15:52, when Tom Gundersen wrote:
> On Wed, Feb 19, 2014 at 12:19 PM, Łukasz Stelmach l.stelm...@samsung.com wrote:
>> It was 2014-02-18 wto 03:26, when Lennart Poettering wrote:
>>> Heya!
>>>
>>> It's release time again! It has been more than 4 months now since the last release. That's kinda embarrassing, since we actually intended to go for a 2-3 week cycle... The big dbus transition took some time however.
>>>
>>> Anyway, I just finished a review of the git history, marked backportable fixes, and put together the NEWS. Kay, Zbigniew, Tom, David, Patrik, anything left to fix before I roll a release? I'd like to roll the release tomorrow (Tuesday) or Wednesday.
>>>
>>> Please have a closer look and test!
>>
>> --8---cut here---start-8---
>> $ git checkout b67f562c9cac44bd78b24f5aae78a1797c5d4182
>> $ git clean -dfx
>> [...]
>> $ ./autogen.sh
>> [...]
>> $ ./configure
>> [...]
>> $ make
>> [...]
>> CC src/libsystemd/sd-rtnl/libsystemd_la-rtnl-message.lo
>> src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_new_link':
>> src/libsystemd/sd-rtnl/rtnl-message.c:145:55: warning: declaration of 'index' shadows a global declaration [-Wshadow]
>> src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_new_addr':
>> src/libsystemd/sd-rtnl/rtnl-message.c:219:55: warning: declaration of 'index' shadows a global declaration [-Wshadow]
>> src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_append_u8':
>> src/libsystemd/sd-rtnl/rtnl-message.c:431:38: error: 'IFLA_CARRIER' undeclared (first use in this function)
>> src/libsystemd/sd-rtnl/rtnl-message.c:431:38: note: each undeclared identifier is reported only once for each function it appears in
>> src/libsystemd/sd-rtnl/rtnl-message.c: In function 'sd_rtnl_message_append_u32':
>> src/libsystemd/sd-rtnl/rtnl-message.c:514:38: error: 'IFLA_PROMISCUITY' undeclared (first use in this function)
>> src/libsystemd/sd-rtnl/rtnl-message.c:515:38: error: 'IFLA_NUM_TX_QUEUES' undeclared (first use in this function)
>> src/libsystemd/sd-rtnl/rtnl-message.c:516:38: error: 'IFLA_NUM_RX_QUEUES' undeclared (first use in this function)
>> make[2]: *** [src/libsystemd/sd-rtnl/libsystemd_la-rtnl-message.lo] Error 1
>> make[1]: *** [all-recursive] Error 1
>> make: *** [all] Error 2
>> --8---cut here---end---8---
>>
>> I build on Ubuntu 12.04, so there definitely may be something missing in my system, and I would like configure or README to tell me what I am missing.
>>
>> README says I need Linux kernel >= 3.0 (>= 3.8 for Smack). NEWS mentions 3.5 for /dev/kmsg. However, the undeclared symbols above seem to be introduced later:
>>
>> - IFLA_CARRIER - v3.9
>> - IFLA_NUM_[RT]X_QUEUES - v3.6
>> - IFLA_PROMISCUITY - v3.5
>
> We probably don't want to support such old kernels much longer, but in this case it was easy enough to fix, so I added the defines to missing.h. Please test and let me know if you are still experiencing problems.

src/libsystemd/sd-rtnl/test-rtnl.c needs to #include "missing.h"

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd
It was 2014-02-19 śro 16:05, when Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
>> How to have support for more than one security fw reasonably compiled in? (I think this is the moment to create the pattern).
>
> Why not? It would be rather constraining for a distribution which wants to support more than one. systemd should just perform the steps necessary for all frameworks compiled in, silently ignoring failures coming from missing frameworks.

Hmm... silent ignoring makes things hard to debug. The most robust way for systemd is:

1) to check at runtime which frameworks are supported,
2) to attempt an action for every one of them,
3) to return an error if ANY of the actions fail.

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] Set loaded_policy in smack_setup()
It was 2014-02-14 pią 02:24, when Lennart Poettering wrote:
> On Thu, 19.12.13 16:58, Łukasz Stelmach (l.stelm...@samsung.com) wrote:
>> With loaded_policy set to true mount_setup() relabels /dev properly.
>
> Hmm, is this still relevant?

(this == [1])

> I am not grokking this patch though, as the only result of this is that label_fix() is called for all device nodes... However, label_fix() only does something on SELinux systems, it has no effect on SMACK, or does it? What am I missing?

Ok, it's been some time. Let me rebase and see...

Hmm... It appears this one should have been applied to our tree, where we do something smackish[1] in label_fix(), rather than yours.

Casey,

Do you have any plans to push the commit[1] upstream?

Footnotes:
[1] http://article.gmane.org/gmane.comp.sysutils.systemd.devel/15596
[2] https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commitdiff;h=8445e9990936244ccb0a1023baa5abf77f3ae2c4

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] Socket activation for Xorg
Hello All.

Just a short heads-up. Xserver from Xorg has gained support for socket activation.

http://cgit.freedesktop.org/xorg/xserver/commit/?id=b3d3ffd19937827bcbdb833a628f9b1814a6e189
http://cgit.freedesktop.org/xorg/lib/libxtrans/commit/?id=e1e6121a1638d43d9929589b4723da2b38cb6b44
http://cgit.freedesktop.org/xorg/lib/libxtrans/commit/?id=b895d45e225dd3d1bf9d598774d3ae4f29fcbc25

It took some time and a little effort. I'd like to thank Lennart who gave me some directions during last year's systemd hackfest in Brno and Hans de Goede who worked with the patches on the Xorg mailing list.

Best regards,
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] [PATCH] gpt-auto-generator: skip nonexistent devices
Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- Hi, The devices we work with have eMMC chips for storage. The chips provide four hardware partitions. The first is /dev/mmcblk0, it takes almost whole space and holds a GPT with several real partitions (/dev/mmcblk0p?). Then there are three block devices (mmcblk0boot0, mmcblk0boot1, rpmb) that are part of the same hardware as mmcblk0 that are presented by the kernel as children of the latter. That relationship makes gpt-auto-generator try to peek them but since they are not GPT partitions blkid_do_safeprobe() returns -2 making verify_gpt_parition() function return -ENODEV. I am not sure both -1 and -2 returned by blkid_do_safeprobe() should result in -ENODEV in verify_gpt_parition(), however, -ENODEV does not mean IMHO we should stop iterating udev results in enumerate_partitions(). src/gpt-auto-generator/gpt-auto-generator.c |2 ++ 1 file changed, 2 insertions(+) diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index 017c35d..df779ee 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -297,6 +297,8 @@ static int enumerate_partitions(struct udev *udev, dev_t dev) { r = verify_gpt_partition(node, type_id, nr, fstype); if (r 0) { +if (r == -ENODEV) +goto skip; log_error(Failed to verify GPT partition %s: %s, node, strerror(-r)); return r; -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
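Review bot: In the enumerate_partitions() hunk, the new -ENODEV branch jumps to skip without logging anything, while the description says verify_gpt_partition() returns -ENODEV for both the -1 and the -2 result of blkid_do_safeprobe(). That puts a real probe failure on the same silent path as the eMMC boot0/boot1/rpmb devices the patch is meant to skip. Add a log_debug() naming the node before the goto, or have verify_gpt_partition() map only the -2 case to -ENODEV so the -1 case still reaches log_error().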
[systemd-devel] [PATCH] Set loaded_policy in smack_setup()
With loaded_policy set to true mount_setup() relabels /dev properly. Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- src/core/main.c|2 +- src/core/smack-setup.c |6 +- src/core/smack-setup.h |2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/core/main.c b/src/core/main.c index fe291f8..f91db52 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1286,7 +1286,7 @@ int main(int argc, char *argv[]) { goto finish; if (ima_setup() 0) goto finish; -if (smack_setup() 0) +if (smack_setup(loaded_policy) 0) goto finish; } diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 1434dea..d8e96ed 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -115,12 +115,14 @@ static int write_rules(const char* dstpath, const char* srcdir) { #endif -int smack_setup(void) { +int smack_setup(bool *loaded_policy) { #ifdef HAVE_SMACK int r; + assert(loaded_policy); + r = write_rules(/sys/fs/smackfs/load2, SMACK_CONFIG); switch(r) { case -ENOENT: @@ -155,6 +157,8 @@ int smack_setup(void) { return 0; } + *loaded_policy = true; + #endif return 0; diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h index ffe9184..8927096 100644 --- a/src/core/smack-setup.h +++ b/src/core/smack-setup.h @@ -23,4 +23,4 @@ along with systemd; If not, see http://www.gnu.org/licenses/. ***/ -int smack_setup(void); +int smack_setup(bool *loaded_policy); -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
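Review bot: In the smack-setup.c hunks, both assert(loaded_policy) and the *loaded_policy = true store sit inside #ifdef HAVE_SMACK, so on a build without SMACK the new parameter is unused, and on every return 0 that precedes the store the flag is left exactly as the caller passed it. Nothing states that contract. Add a comment at the definition saying the caller must initialise the flag and that smack_setup() only ever sets it, never clears it.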
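Review bot: The smack-setup.h hunk changes the prototype to take bool * but adds no #include <stdbool.h>, so the header now compiles only when every includer has already pulled in bool. Include <stdbool.h> in smack-setup.h itself so the header stays self-contained.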
Re: [systemd-devel] [RFC] split journal by loglevel
It was 2013-10-28 pon 19:38, when Lennart Poettering wrote:
> On Tue, 22.10.13 16:45, Łukasz Stelmach (l.stelm...@samsung.com) wrote:

[Adding Dariush Michaluk and Juho Son]

>> Hello Everyone.
>>
>> <rant> Some of you may know I and my colleagues work hard to make Tizen work for you. </rant>
>
> Rant? Hmm?

By definition[1] (n2 fits best IMHO ;)

>> Tizen is growing really fast and we've got a problem. A lot of code produces a lot of messages. Some of them are more important than others. We want to access debug (and info) messages when a system is working and we don't want to keep them across reboots. The obvious solution is to split messages into two journal files based on log-level. Less important messages would be saved in /run/log/journal, more important ones in /var/log/journal.
>
> Sounds like a useful feature!

>> RFC. As obvious as the desired result occurs I am not sure what is the best place to hook and configure it. Is it another keyword (or set of keywords) for SplitMode: level (level+uid, level+login (level+none?))? Or maybe something around MaxLevelStore and line 836 of journald-server.c[1]?
>
> I am tempted to suggest to add a new value to Storage=, maybe called level or so? And then add a new switch StoragePersistentLevel= which is only interpreted when Storage= equals level or if it equals auto and /var/log/journal actually exists.

Looks reasonable.

>> There is yet another way I can think of: log everything to /run and filter out everything below certain log-level. This solution however may incur moments of heavy load on systems during log rotation.
>>
>> RFC. Please give me some clues.
>
> We currently operate on the runtime journal only if the system journal is not open. If we keep both open we need to start working on both all the time. I figure this means a number of changes in journald-server.c, but most of them should be fairly straightforward...

We'll do. Thank you.

[1] http://www.dict.org/bin/Dict?Form=Dict1Query=rantStrategy=*Database=wnSubmit=Submit%20query

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] [RFC] split journal by loglevel
Hello Everyone.

<rant> Some of you may know I and my colleagues work hard to make Tizen work for you. </rant>

Tizen is growing really fast and we've got a problem. A lot of code produces a lot of messages. Some of them are more important than others. We want to access debug (and info) messages when a system is working and we don't want to keep them across reboots. The obvious solution is to split messages into two journal files based on log-level. Less important messages would be saved in /run/log/journal, more important ones in /var/log/journal.

RFC. As obvious as the desired result occurs I am not sure what is the best place to hook and configure it. Is it another keyword (or set of keywords) for SplitMode: level (level+uid, level+login (level+none?))? Or maybe something around MaxLevelStore and line 836 of journald-server.c[1]?

RFC. There is yet another way I can think of: log everything to /run and filter out everything below certain log-level. This solution however may incur moments of heavy load on systems during log rotation.

RFC. Please give me some clues.

[1] http://cgit.freedesktop.org/systemd/systemd/tree/src/journal/journald-server.c?id=0fb0c56f5283a8a94560f595768a801c8240a9bd#n836

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH v2, ping?] tmpfiles, man: Add xattr support to tmpfiles
It was 2013-07-15 pon 15:22, when Maciej Wereski wrote: diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 519f9bc..92157b5 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -229,6 +229,21 @@ L/tmp/foobar ---- /dev/null/programlisting place of normal path names./para/listitem /varlistentry + +varlistentry +termvarnamet/varname/term +listitemparaSet extended +attributes on item. It should be +used with conjunction with other in conjunction with -- Łukasz Stelmach Samsung RD Institute Poland Samsung Electronics ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=
It was 2013-07-12 pią 04:48, when Kyungmin Park wrote:
> On Fri, Jul 12, 2013 at 7:43 AM, Lennart Poettering lenn...@poettering.net wrote:
>> On Thu, 11.07.13 13:37, Dave Reisner (d...@falconindy.com) wrote:
>>>> +p = strchr(path, ':');
>>>
>>> This is going to fail for a file:value pair such as /foo:/bar/baz:value. You could use strrchr(), but then you have to be concerned about matching values with a colon.
>>
>> This might become a problem, but then again, I think it is OK if some files cannot be checked with this. I'd prefer using a space or = as separator as a better choice though, as that's probably less frequent than : in the names of files one would check with this condition setting.
>>
>> Lennart
>
> It's another question. The main goal of this patch is that it supports conditional execution. If some services are executed with a given condition, it should check some conditions and execute a different flow.
>
> if [ condition is 1 ]; then
>     launch A service
> else if [ condition is 2 ]; then
>     launch B service
> else
>     launch C service

IMHO this looks too complicated to fit into systemd units. To support such a (multiple choice) situation (which seems like the conditions are not properly stated) we can use a generator to link the desired service to the proper target.

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=
It was 2013-07-11 czw 19:18, when Karol Lewandowski wrote:
> Add ability to test if given file contains specified value. File and expected value are given as one argument separated by colon (:), i.e.
>
> ConditionFileContains=/sys/module/sn/parameters/enabled:1
> ---
> As above example suggests we use it to conditionally start service based on kernel module parameter value. This can be (ab)used for other/regular files too.
>
> RFC

I am confused a bit. Although I can see (hardly though) the point, I am not sure yet another condition in unit files is required. IMHO systemd can check if files required by a service exist (and some other tests which more or less cover test(1) functions) and not launch the service if they do not, but it is up to the service to check the files' contents. No matter if it is a single character or a 24Mpix jpeg file.

Technically, except for the notes already given by others, the patch does not look bad.

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] Help getting serial console working again after upgrade to systemd?
It was 2013-07-10 śro 20:26, when Dmt Ops wrote:
> Hey all,
>
> I'm starting upgrades to old production servers to newer 64-bit Linux that runs systemd = v195.
>
> Serial consoles are always my 1st step. Before upgrade it worked great. After upgrade, with the new systemd-based config, I'm not having much luck so far.
>
> I configured the grub conf:
>
> serial --unit=0 --speed=57600 --word=8 --parity=no --stop=1
> terminal --timeout=3 serial console
> title PRODUCTION
> root (hd0,0)
> kernel /vmlinuz root=/dev/sd1a noresume showopts x11failsafe vga=0x31a console=tty0 console=com1,vga
> initrd /initrd

According to kernel-parameters.txt[1] (it's for 3.10 but I assume there haven't been any changes in this area for quite some time) you have to use ttyS0 instead of com1. Neither does serial-console.txt[2] mention com[1-4] as a proper name for a serial port.

[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/kernel-parameters.txt?id=v3.10#n560
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/serial-console.txt?id=v3.10

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
[systemd-devel] [PATCH] man: fix a typo in systemd.socket.xml
Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- man/systemd.socket.xml |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 0d5652b..515412d 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -388,7 +388,7 @@ on the received socket before exiting. However, it must not unlink the socket from a filesystem. It -should note invoke +should not invoke citerefentryrefentrytitleshutdown/refentrytitlemanvolnum2/manvolnum/citerefentry on sockets it got with varnameAccept=false/varname, but -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] Describe handling of an AF_UNIX socket
Describe how to handle an AF_UNIX socket, with Accept set to false, received from systemd, upon exit. Signed-off-by: Łukasz Stelmach l.stelm...@samsung.com --- man/systemd.socket.xml | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 6dc847d..f1e7d40 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -381,9 +381,15 @@ performance reasons, it is recommended to write new daemons only in a way that is suitable for -optionAccept=false/option. This -option is mostly useful to allow -daemons designed for usage with +optionAccept=false/option. A daemon +listening on an AF_UNIX socket may, but does not need to, call + citerefentryrefentrytitleclose/refentrytitlemanvolnum2/manvolnum/citerefentry +or + citerefentryrefentrytitleshutdown/refentrytitlemanvolnum2/manvolnum/citerefentry +on the received socket before exiting. However, +it must not unlink the socket from a +filesystem. This option is mostly useful +to allow daemons designed for usage with citerefentryrefentrytitleinetd/refentrytitlemanvolnum8/manvolnum/citerefentry, to work unmodified with systemd socket activation./para/listitem -- 1.7.9.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
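Review bot: The added sentence tells daemons they may call shutdown(2) on a socket received with Accept=false, putting it on the same footing as close(2). close(2) only drops the daemon's own descriptor, whereas shutdown(2) acts on the socket itself, and systemd holds that same listening socket for the next activation. Limit the permission to close(2), and state next to the unlink rule that shutdown(2) must not be used on the passed listening socket.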
Re: [systemd-devel] how to end a socket activated daemon
It was 2013-06-17 pon 20:51, when Lennart Poettering wrote:
> On Fri, 14.06.13 14:33, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>> On Fri, Jun 14, 2013 at 10:03:00AM +0200, Łukasz Stelmach wrote:
>>> We are converting some daemons to socket activation. Most of them open unix sockets and manage incoming connections in a main-loop, so the easiest way to convert it is to create Accept=false socket with systemd. Now, it is quite well described how to start such daemon, however, there is little about shutting it down. Should the daemon close(2) the received sockets? Should it unlink(2) them from a filesystem?
>>
>> close() yes, unlink() no.
>
> Strictly speaking you don't even have to do that. The kernel will clean up left-over fds when your process exits, hence you don't have to close it explicitly. But you certainly should not unlink() the socket in the fs, because then the socket will not be accessible anymore.

Maybe I've asked the wrong question. I should rather have asked: Can I close? Can I unlink? Because that's what the code does now and we wanted to know which parts are common for standalone and systemd-socket-activated paths.

Thanks for the information.

PS. I think this information should be somewhere in the docs. Do you think the paragraph describing Accept= in the systemd.socket.5 man page is the right place?

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] [PATCH] udev hwdb: Store binary database in libdir, not in /etc
It was 2013-06-14 pią 13:30, when Jan Janssen wrote:
> On 06/14/2013 01:08 PM, Tom Gundersen wrote:
>> That said, I don't think libdir is appropriate as this data is not under the control of the package manager (as it is generated at install-time rather than at build-time, it would for instance not be suitable for sharing between hosts). I guess localstatedir would be another alternative, but the problem there is that it is not (necessarily) available during early boot when this db is needed.
>
> One could introduce a /cache where such files could be stored. Similar to how /run was introduced to fix a similar issue. The folder would be required to be available at boot time.

What's wrong with /var/cache?

--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Re: [systemd-devel] Question about the cross session dependence
It was 2013-04-22 pon 17:43, when Lennart Poettering wrote:
> On Mon, 22.04.13 00:58, Kok, Auke-jan H (auke-jan.h@intel.com) wrote:
>> On Sun, Apr 21, 2013 at 6:49 PM, Li, Min A min.a...@intel.com wrote:
>>> I have a question about the dependence of user and system session. At system session, there is a service which needs to be started after X (user session). At first I added “After=xorg.target” at this service, but it is said that the dependence of cross session does not work. Is that true?
>>
>> The user session instance does not know anything about the state of system services. So yes.

[...]

> The much nicer way is to simply teach X11 socket activation. Then you can run it either from the system instance of systemd, or the user instance, and things would just work...

I've got a patch for X to make it socket activatable. I hope to release it soon.

--
Łukasz Stelmach
Software wizzard
Samsung Poland R&D Center
[systemd-devel] [PATCH v5] systemd-analyze: filter dot output
Make systemd-analyze dot output only lines with units matching given glob(7) patterns. Add --from-pattern and --to-pattern options. Without any patterns all relationships are printed as before. A relationship must match the follwing expression: (isempty(from) || from[0] || from[1] || .. || from[n]) (isempty(to) || to[0] || to[1] || .. || to[n]) (isempty(P) || P[0] || P[1] || ... || P[n]) where from[] and to[] are lists of patterns provided with subsequent --from-pattern and --to-pattern respectively. P[] is a list of additional patterns provided after the dot subcommand. --- man/systemd-analyze.xml | 26 - src/analyze/systemd-analyze.c | 65 ++- 2 files changed, 83 insertions(+), 8 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 533bc42..c8d0b47 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -58,7 +58,7 @@ commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg plot arg choice=optgt; file.svg/arg/command /cmdsynopsis cmdsynopsis -commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot /command +commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot arg choice=optpattern.../arg /command /cmdsynopsis /refsynopsisdiv @@ -104,6 +104,10 @@ is passed the generated graph will show both ordering and requirement dependencies./para +paraOptional patterns may be given at the end. The +relationship is printed if any of these matches either +lefthand or righthand node./para + paraIf no command is passed commandsystemd-analyze time/command is implied./para 
@@ -156,6 +160,26 @@ dependencies of all these types./para/listitem /varlistentry + +varlistentry +termoption--from-pattern=/option/term +termoption--to-pattern=/option/term + +listitemparaWhen used in +conjunction with the +commanddot/command command (see +above), selects which relationships +are shown in the dependency graph. +They both require + citerefentryrefentrytitleglob/refentrytitlemanvolnum7/manvolnum/citerefentry +patterns as arguments, which are +matched against lefthand and +righthand, respectively, nodes of a +relationship. Each of these can be +used more than once which means a +unit name must match one of given +values./para/listitem +/varlistentry /variablelist /refsect1 diff --git a/src/analyze/systemd-analyze.c b/src/analyze/systemd-analyze.c index 029ce9c..375eaed 100644 --- a/src/analyze/systemd-analyze.c +++ b/src/analyze/systemd-analyze.c @@ -25,6 +25,7 @@ #include getopt.h #include locale.h #include sys/utsname.h +#include fnmatch.h #include install.h #include log.h @@ -33,6 +34,7 @@ #include util.h #include strxcpyx.h #include fileio.h +#include strv.h #define SCALE_X (0.1 / 1000.0) /* pixels per us */ #define SCALE_Y 20.0 @@ -60,6 +62,8 @@ static enum dot { DEP_ORDER, DEP_REQUIRE } arg_dot = DEP_ALL; +static char** arg_dot_from_patterns = NULL; +static char** arg_dot_to_patterns = NULL; struct boot_times { usec_t firmware_time; @@ -578,7 +582,7 @@ static int analyze_time(DBusConnection *bus) { return 0; } -static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter) { +static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter, char* patterns[]) { static const char * const colors[] = { Requires, [color=\black\], 
@@ -621,9 +625,42 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte dbus_message_iter_get_arg_type(sub) != DBUS_TYPE_INVALID; dbus_message_iter_next(sub)) { const char *s; +char **p; +bool match_found = true; assert(dbus_message_iter_get_arg_type(sub) == DBUS_TYPE_STRING); dbus_message_iter_get_basic(sub, s); + +STRV_FOREACH(p, arg_dot_from_patterns) { +
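Review bot: The man page hunks describe the trailing patterns and the --from-pattern/--to-pattern options separately, but how they combine is given only in the commit message expression. Nothing added to systemd-analyze.xml says that a relationship has to satisfy the from list, the to list and the trailing patterns together, or that the trailing arguments are glob(7) patterns too. Carry that rule into the paragraph on the dot command, and correct "follwing" in the commit message.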
[systemd-devel] [PATCH v3] systemd-analyze: filter dot output
Make systemd-analyze dot output only lines with units matching given glob(7) patterns. Add --from-pattern and --to-pattern options. Without any patterns all relationships are printed as before. A relationship must match the follwing expression: (isempty(from-pattern) || from-pattern) (isempty(to-pattern) || to-pattern) (isempty(P) || P[0] || P[1] || ... || P[n]) where P[N] are additional patterns provided after the dot subcommand. --- man/systemd-analyze.xml | 23 - src/analyze/systemd-analyze.c | 48 --- 2 files changed, 63 insertions(+), 8 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 533bc42..371c245 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -58,7 +58,7 @@ commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg plot arg choice=optgt; file.svg/arg/command /cmdsynopsis cmdsynopsis -commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot /command +commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot arg choice=optpattern.../arg /command /cmdsynopsis /refsynopsisdiv @@ -104,6 +104,10 @@ is passed the generated graph will show both ordering and requirement dependencies./para +paraOptional patterns may be given at the end. The +relationship is printet if any of these matches either +lefthend or righthand node./para + paraIf no command is passed commandsystemd-analyze time/command is implied./para @@ -156,6 +160,23 @@ dependencies of all these types./para/listitem /varlistentry + +varlistentry +termoption--from-pattern=/option/term +termoption--to-pattern=/option/term + +listitemparaWhen used in +conjunction with the +commanddot/command command (see +above), selects which relationships +are shown in the dependency graph. +They both require + citerefentryrefentrytitleglob/refentrytitlemanvolnum7/manvolnum/citerefentry +patterns as arguments, which are +matched against lefthand and +righthand, respectively, nodes of a +relationship./para/listitem +/varlistentry /variablelist /refsect1 
diff --git a/src/analyze/systemd-analyze.c b/src/analyze/systemd-analyze.c index 01bf55e..197ec64 100644 --- a/src/analyze/systemd-analyze.c +++ b/src/analyze/systemd-analyze.c @@ -25,6 +25,7 @@ #include getopt.h #include locale.h #include sys/utsname.h +#include fnmatch.h #include install.h #include log.h @@ -60,6 +61,8 @@ static enum dot { DEP_ORDER, DEP_REQUIRE } arg_dot = DEP_ALL; +static char* arg_from_pattern=NULL; +static char* arg_to_pattern=NULL; struct boot_times { usec_t firmware_time; @@ -578,7 +581,7 @@ static int analyze_time(DBusConnection *bus) { return 0; } -static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter) { +static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter, char* patterns[]) { static const char * const colors[] = { Requires, [color=\black\], @@ -621,9 +624,28 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte dbus_message_iter_get_arg_type(sub) != DBUS_TYPE_INVALID; dbus_message_iter_next(sub)) { const char *s; +char **p; assert(dbus_message_iter_get_arg_type(sub) == DBUS_TYPE_STRING); dbus_message_iter_get_basic(sub, s); + +if (arg_from_pattern != NULL fnmatch(arg_from_pattern, name, 0) != 0) +continue; + +if (arg_to_pattern != NULL fnmatch(arg_to_pattern, s, 0) != 0) +continue; + +if (*patterns == NULL) { +goto print; +} + +for (p=patterns; *p != NULL; p++) { +if (fnmatch(*p, name, 0) == 0 || fnmatch(*p, s, 0) == 0) +goto print; +} +
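Review bot: In the graph_one_property() loop, the test *patterns == NULL dereferences the new patterns argument without checking patterns itself, so a caller that passes NULL to mean "no trailing patterns" crashes; test patterns == NULL || *patterns == NULL. Because arg_from_pattern and arg_to_pattern are single char * values, a repeated --from-pattern can keep only one value, which the option text should say. The goto print jumps can go away if the three tests move into a small bool helper that the loop calls.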
[systemd-devel] [PATCH v4] systemd-analyze: filter dot output
Make systemd-analyze dot output only lines with units matching given glob(7) patterns. Add --from-pattern and --to-pattern options. Without any patterns all relationships are printed as before. A relationship must match the follwing expression: (isempty(from-pattern) || from-pattern) (isempty(to-pattern) || to-pattern) (isempty(P) || P[0] || P[1] || ... || P[n]) where P[N] are additional patterns provided after the dot subcommand. --- This is almost the same as v3 but with a shorter list of parameters for the dot() function. man/systemd-analyze.xml | 23 - src/analyze/systemd-analyze.c | 48 --- 2 files changed, 63 insertions(+), 8 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 533bc42..371c245 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -58,7 +58,7 @@ commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg plot arg choice=optgt; file.svg/arg/command /cmdsynopsis cmdsynopsis -commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot /command +commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot arg choice=optpattern.../arg /command /cmdsynopsis /refsynopsisdiv @@ -104,6 +104,10 @@ is passed the generated graph will show both ordering and requirement dependencies./para +paraOptional patterns may be given at the end. The +relationship is printet if any of these matches either +lefthend or righthand node./para + paraIf no command is passed commandsystemd-analyze time/command is implied./para 
@@ -156,6 +160,23 @@ dependencies of all these types./para/listitem /varlistentry + +varlistentry +termoption--from-pattern=/option/term +termoption--to-pattern=/option/term + +listitemparaWhen used in +conjunction with the +commanddot/command command (see +above), selects which relationships +are shown in the dependency graph. +They both require + citerefentryrefentrytitleglob/refentrytitlemanvolnum7/manvolnum/citerefentry +patterns as arguments, which are +matched against lefthand and +righthand, respectively, nodes of a +relationship./para/listitem +/varlistentry /variablelist /refsect1 diff --git a/src/analyze/systemd-analyze.c b/src/analyze/systemd-analyze.c index 01bf55e..559d588 100644 --- a/src/analyze/systemd-analyze.c +++ b/src/analyze/systemd-analyze.c @@ -25,6 +25,7 @@ #include getopt.h #include locale.h #include sys/utsname.h +#include fnmatch.h #include install.h #include log.h @@ -60,6 +61,8 @@ static enum dot { DEP_ORDER, DEP_REQUIRE } arg_dot = DEP_ALL; +static char* arg_from_pattern=NULL; +static char* arg_to_pattern=NULL; struct boot_times { usec_t firmware_time; @@ -578,7 +581,7 @@ static int analyze_time(DBusConnection *bus) { return 0; } -static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter) { +static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter, char* patterns[]) { static const char * const colors[] = { Requires, [color=\black\], 
@@ -621,9 +624,28 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte dbus_message_iter_get_arg_type(sub) != DBUS_TYPE_INVALID; dbus_message_iter_next(sub)) { const char *s; +char **p; assert(dbus_message_iter_get_arg_type(sub) == DBUS_TYPE_STRING); dbus_message_iter_get_basic(sub, s); + +if (arg_from_pattern != NULL fnmatch(arg_from_pattern, name, 0) != 0) +continue; + +if (arg_to_pattern != NULL fnmatch(arg_to_pattern, s, 0) != 0) +continue; + +if (*patterns == NULL) { +goto print; +} + +for (p=patterns; *p != NULL; p++) { +if (fnmatch(*p, name, 0) == 0 || fnmatch(*p, s, 0) == 0) +
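Review bot: the paragraph added to man/systemd-analyze.xml contains typos (`printet`, `lefthend`) and does not say how the positional patterns combine with `--from-pattern=` and `--to-pattern=`. The commit message states that all three conditions must hold for a relationship to be printed; the man page should say the same, ideally next to the option entry, and could name the two nodes as the source and the destination of the dependency instead of lefthand and righthand.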
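Review bot: in graph_one_property(), the `arg_from_pattern` test compares against `name`, which does not change inside the loop, so it costs one fnmatch() call per dependency for a result that is the same every time. Checking it once before the loop and returning 0 early would avoid that. `fnmatch(...) != 0` also treats an fnmatch() error the same as a non-match, which is acceptable here but deserves a short comment.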
Re: [systemd-devel] [PATCH] systemd-analyze: filter dot output with a regular expression
It was 2013-03-25 Mon 23:48, when Lennart Poettering wrote:
> On Mon, 25.03.13 21:19, Lukasz Stelmach (stl...@poczta.fm) wrote:
>> On 25.03.2013 16:48, Lennart Poettering wrote:
>>> On Sun, 24.03.13 13:32, Łukasz Stelmach (stl...@poczta.fm) wrote:
>>>> Make systemd-analyze dot output only lines matching a regular
>>>> expression passed on the command line. Without the regular
>>>> expression print everything.
>>>
>>> So far we mostly used globs everywhere in system. Does it really make
>>> sense to use regexes here? I mean, unit file names on purpose are
>>> file-name like, and generally even show up in the file system, so it
>>> sounds more natural to me to use fnmatch here?
>>
>> Indeed fnmatch() is better for matching unit names, however, I match
>> the whole line:
>>
>> "multi-user.target"->"basic.target" [color="green"];
>
> Well, I really wouldn't match the whole line. If people want that they
> can use grep, no?

Not grep, but at least sed (sed -ne '1p' -e '$p' -e '/target.*target/p'). Grep removes the first and last line. This isn't of course a major issue but a noticeable annoyance.

> Wouldn't it be nicer to match either unit name, and that's it?

OK. I will do it.

>> rather than the unit names. To quickly match the line above I use
>> target.*target. A glob that does the same is *target*target* not as
>> nice, is it? (This is because globs are implicitly anchored at the
>> beginning of strings while regexps are not)
>
> Well, but if you apply the fnmatch to both the source and the dest, it
> will work fine!

Indeed. I will post a v2 patch in the evening. Thank you for your comments.

-- 
Łukasz Stelmach
Software wizzard
Samsung Poland RD Center
Al. Armii Ludowej 26, 00-609 Warszawa
http://www.rd.samsung.pl
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
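The point settled in the reply above, that a glob must match a whole string while a regex search does not, so globs are applied to the source and destination unit names separately, shown as an added example that is not code from the thread or from systemd. `edge_selected()` and `line_matches_regex()` are hypothetical helpers; the first follows the filter expression stated in the v4 commit message, and the sample edge is constructed.

```c
#include <fnmatch.h>
#include <regex.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not systemd code): is the edge name -> dep printed?
 * Follows the v4 commit message: (no from || from matches name) and
 * (no to || to matches dep) and (no extra patterns || any extra pattern
 * matches name or dep). A NULL or empty pattern list selects everything. */
static bool edge_selected(const char *from, const char *to,
                          char *const patterns[],
                          const char *name, const char *dep) {
        if (from && fnmatch(from, name, 0) != 0)
                return false;
        if (to && fnmatch(to, dep, 0) != 0)
                return false;
        if (!patterns || !patterns[0])
                return true;
        for (char *const *p = patterns; *p; p++)
                if (fnmatch(*p, name, 0) == 0 || fnmatch(*p, dep, 0) == 0)
                        return true;
        return false;
}

/* Unanchored POSIX regex search over a whole output line, the approach of
 * the first patch version. An invalid pattern counts as "no match". */
static bool line_matches_regex(const char *pattern, const char *line) {
        regex_t re;
        bool hit;

        if (regcomp(&re, pattern, REG_NOSUB) != 0)
                return false;
        hit = regexec(&re, line, 0, NULL, 0) == 0;
        regfree(&re);
        return hit;
}

/* Constructed sample edge in the format the dot verb prints. */
static const char sample_line[] =
        "\t\"multi-user.target\"->\"basic.target\" [color=\"green\"];";
static char *const only_services[] = { "*.service", NULL };

int main(void) {
        printf("regex on whole line: %d\n",
               line_matches_regex("target.*target", sample_line));
        printf("same text as a glob: %d\n",
               fnmatch("target*target", sample_line, 0) == 0);
        printf("globs per unit name: %d\n",
               edge_selected("*.target", "*.target", NULL,
                             "multi-user.target", "basic.target"));
        printf("extra pattern only:  %d\n",
               edge_selected(NULL, NULL, only_services,
                             "multi-user.target", "basic.target"));
        return 0;
}
```
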
[systemd-devel] [PATCH v2] systemd-analyze: filter dot output
Make systemd-analyze dot output only lines with units matching given glob(7) patterns. With one pattern either unit may match the pattern. With two patterns units need to match the patterns respectively. Without any patterns all relationships are printed. --- This filtering isn't as powerfull as regular expressions but it does its job well. man/systemd-analyze.xml | 8 +++- src/analyze/systemd-analyze.c | 26 +++--- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 533bc42..bf22544 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -58,7 +58,7 @@ commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg plot arg choice=optgt; file.svg/arg/command /cmdsynopsis cmdsynopsis -commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot /command +commandsystemd-analyze arg choice=opt rep=repeatOPTIONS/arg dot arg choice=optpattern arg choice=optpattern/arg/arg /command /cmdsynopsis /refsynopsisdiv @@ -104,6 +104,12 @@ is passed the generated graph will show both ordering and requirement dependencies./para +paraOptional patterns may be given to limit the +output. With one pattern all lines for which at least +one of the unit names matches the pattern shall be +printed. With two patterns, the lines for which the +units match patterns respectively./para + paraIf no command is passed commandsystemd-analyze time/command is implied./para diff --git a/src/analyze/systemd-analyze.c b/src/analyze/systemd-analyze.c index 01bf55e..62d14e5 100644 --- a/src/analyze/systemd-analyze.c +++ b/src/analyze/systemd-analyze.c @@ -25,6 +25,7 @@ #include getopt.h #include locale.h #include sys/utsname.h +#include fnmatch.h #include install.h #include log.h 
@@ -578,7 +579,7 @@ static int analyze_time(DBusConnection *bus) { return 0; } -static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter) { +static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter, const char* nameg, const char* sg) { static const char * const colors[] = { Requires, [color=\black\], @@ -624,14 +625,17 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte assert(dbus_message_iter_get_arg_type(sub) == DBUS_TYPE_STRING); dbus_message_iter_get_basic(sub, s); -printf(\t\%s\-\%s\ %s;\n, name, s, c); +if ((nameg == NULL sg == NULL) || +(nameg != NULL sg == NULL (fnmatch(nameg, name, 0) == 0 || fnmatch(nameg, s, 0) == 0)) || +(nameg != NULL sg != NULL (fnmatch(nameg, name, 0) == 0 fnmatch(sg, s, 0) == 0))) +printf(\t\%s\-\%s\ %s;\n, name, s, c); } } return 0; } -static int graph_one(DBusConnection *bus, const struct unit_info *u) { +static int graph_one(DBusConnection *bus, const struct unit_info *u, const char *nameg, const char *sg) { _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; const char *interface = org.freedesktop.systemd1.Unit; int r; @@ -675,7 +679,7 @@ static int graph_one(DBusConnection *bus, const struct unit_info *u) { } dbus_message_iter_recurse(sub2, sub3); -r = graph_one_property(u-id, prop, sub3); +r = graph_one_property(u-id, prop, sub3, nameg, sg); if (r 0) return r; } @@ -683,10 +687,12 @@ static int graph_one(DBusConnection *bus, const struct unit_info *u) { return 0; } -static int dot(DBusConnection *bus) { +static int dot(DBusConnection *bus, char* av[], int oi) { _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; DBusMessageIter iter, sub; int r; +const char *nameg = NULL; +const char *sg = NULL; r = bus_method_call_with_reply( bus, 
@@ -707,6 +713,12 @@ static int dot(DBusConnection *bus) { return -EIO; } +if (av[oi] != NULL) +nameg = av[oi++]; + +if (av[oi] != NULL) +sg = av[oi++]; + printf(digraph systemd {\n); for (dbus_message_iter_recurse(iter, sub); @@ -718,7 +730,7 @@ static int dot(DBusConnection *bus) { if (r 0) return -EIO; -r = graph_one(bus, u); +r = graph_one(bus, u, nameg, sg); if (r 0)
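Review bot: the three-branch condition in graph_one_property() prints nothing when `nameg == NULL` and `sg != NULL`, a combination the function signature allows even though dot() never produces it. Structuring it as "no first pattern: print; no second pattern: either name matches; otherwise both match" removes the repeated NULL tests and makes that case explicit. `nameg` and `sg` would also read better as something like `from_glob` and `to_glob`.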
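Review bot: in dot(), a third pattern on the command line is silently ignored, because only `av[oi]` is consumed twice and nothing checks what follows. Since the man page synopsis documents at most two patterns, returning -EINVAL with a log_error() when `av[oi]` is still non-NULL after the second assignment would turn a typo into a visible error. The parameter names `av` and `oi` are cryptic as well; `argv` and `optind`-style names would match the caller.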
Re: [systemd-devel] [PATCH] systemd-analyze: filter dot output with a regular expression
It was 2013-03-25 Mon 16:48, when Lennart Poettering wrote:
> On Sun, 24.03.13 13:32, Łukasz Stelmach (stl...@poczta.fm) wrote:
>> Make systemd-analyze dot output only lines matching a regular
>> expression passed on the command line. Without the regular
>> expression print everything.
>
> So far we mostly used globs everywhere in system. Does it really make
> sense to use regexes here? I mean, unit file names on purpose are
> file-name like, and generally even show up in the file system, so it
> sounds more natural to me to use fnmatch here?

Sounds reasonable and probably would be enough. I'll change it and see how it suits me.

>> static const char * const colors[] = { Requires, [color=\black\], @@ -591,6 +594,7 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte After, [color=\green\] }; +char buf[1024];
>
> We generally avoid using fixed size strings like this. Use dynamic
> memory for this if you can... i.e. asprintf(), and consider freeing it
> with _cleanup_free_...

Sure. I haven't looked around too much before to see you do things like this. I'll change it.

-- 
Łukasz Stelmach
Software wizzard
Samsung Poland RD Center
Al. Armii Ludowej 26, 00-609 Warszawa
http://www.rd.samsung.pl
[systemd-devel] [PATCH] systemd-analyze: filter dot output with a regular expression
Make systemd-analyze dot output only lines matching a regular expression passed on the command line. Without the regular expression print everything. --- A graph created with the full output of dot is completely incomprehensible on a regular system. It thus makes perfect sense IMHO to add filtering to systemd-analyze instead of trying to use sed/grep/awk/perl to filter the dependencies but preserving the first and last line with the braces. This, of course, is the first attempt so any comments are more than welcome. src/analyze/systemd-analyze.c | 35 --- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/src/analyze/systemd-analyze.c b/src/analyze/systemd-analyze.c index 01bf55e..bddbeda 100644 --- a/src/analyze/systemd-analyze.c +++ b/src/analyze/systemd-analyze.c @@ -25,6 +25,9 @@ #include getopt.h #include locale.h #include sys/utsname.h +#include sys/types.h +#include regex.h +#include string.h #include install.h #include log.h @@ -578,7 +581,7 @@ static int analyze_time(DBusConnection *bus) { return 0; } -static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter) { +static int graph_one_property(const char *name, const char *prop, DBusMessageIter *iter, regex_t* regexp) { static const char * const colors[] = { Requires, [color=\black\], @@ -591,6 +594,7 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte After, [color=\green\] }; +char buf[1024]; const char *c = NULL; unsigned i; 
@@ -624,14 +628,16 @@ static int graph_one_property(const char *name, const char *prop, DBusMessageIte assert(dbus_message_iter_get_arg_type(sub) == DBUS_TYPE_STRING); dbus_message_iter_get_basic(sub, s); -printf(\t\%s\-\%s\ %s;\n, name, s, c); +snprintf(buf, sizeof(buf), \t\%s\-\%s\ %s;, name, s, c); +if (regexp == NULL || regexec(regexp, buf, 0, NULL, 0) == 0) +puts(buf); } } return 0; } -static int graph_one(DBusConnection *bus, const struct unit_info *u) { +static int graph_one(DBusConnection *bus, const struct unit_info *u, regex_t* regexp) { _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; const char *interface = org.freedesktop.systemd1.Unit; int r; @@ -675,7 +681,7 @@ static int graph_one(DBusConnection *bus, const struct unit_info *u) { } dbus_message_iter_recurse(sub2, sub3); -r = graph_one_property(u-id, prop, sub3); +r = graph_one_property(u-id, prop, sub3, regexp); if (r 0) return r; } @@ -683,10 +689,12 @@ static int graph_one(DBusConnection *bus, const struct unit_info *u) { return 0; } -static int dot(DBusConnection *bus) { +static int dot(DBusConnection *bus, char* regexp_s) { _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; DBusMessageIter iter, sub; int r; +regex_t regexp; +int use_regexp = 0; r = bus_method_call_with_reply( bus, @@ -707,6 +715,16 @@ static int dot(DBusConnection *bus) { return -EIO; } +memset(regexp, 0, sizeof(regexp)); +if (regexp_s != NULL) { +r = regcomp(regexp, regexp_s, REG_NOSUB); +if (r != 0) { +log_error(Invalid regular expression.); +return -EINVAL; +} +use_regexp = 1; +} + printf(digraph systemd {\n); for (dbus_message_iter_recurse(iter, sub); @@ -718,13 +736,16 @@ static int dot(DBusConnection *bus) { if (r 0) return -EIO; -r = graph_one(bus, u); +r = graph_one(bus, u, use_regexp ? regexp : NULL); if (r 0) return r; } printf(}\n); +if (use_regexp) +regfree(regexp); + log_info( Color legend: black = Requires\n dark blue = Requisite\n dark grey = Wants\n 
@@ -844,7 +865,7 @@ int main(int argc, char *argv[]) { else if (streq(argv[optind], plot)) r = analyze_plot(bus); else if (streq(argv[optind], dot)) -r = dot(bus); +r = dot(bus, argv[optind+1]); else log_error(Unknown operation '%s'., argv[optind]); -- 1.8.1.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org
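Review bot: in dot(), the compiled regex leaks on the error paths, because `return -EIO` and `return r` inside the loop run after regcomp() has succeeded while regfree() is only reached after `printf(}\n)`. Routing those exits through a common cleanup label, or a cleanup attribute in the style the file already uses for the D-Bus reply, would release it on every path.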
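Review bot: in graph_one_property(), the return value of snprintf() is ignored, so an edge whose formatted line does not fit in `buf` is matched and printed in truncated form, which produces invalid dot output without any diagnostic. Either check the returned length against sizeof(buf) and fail, or match the regex against the two unit names and keep the original printf(), which also stops patterns from accidentally matching the colour attribute.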
[systemd-devel] dependencies between instances
Dear All,

I was trying to investigate this problem by my own eyeballs. After a few hours I am almost sure (I'd be glad to hear it from someone of greater knowledge of systemd than me (which isn't that hard)) there is no link enabling dependencies between units from PID 1 and user session, is there? On the other hand the user's instance shows devices and mounts on its units list (as far as I can tell it enumerates them by wandering around /sys and /proc/mounts).

I think it might be quite useful to enable cross-instance dependencies like this. For example the network.target (whatever that means). Programmes started as services depending (After) on the network.target need not implement network detection on their own as they won't be started before everything they expect (whatever that means) is in place.

What is your opinion? Is it worth implementing (if it is not there and I have missed something)?

-- 
Łukasz Stelmach
Software wizzard
Samsung Poland RD Center