Hello Everyone-
The rkt container engine wants to run with different permissions pre-start
and start. In pre-start it needs to fetch/download the container image
which is an unprivileged operation. In start it needs admin level
permissions to start the container stage1 (e.g. systemd-nspawn) and mo
Access to the system dbus is controlled by dbus policies. You will need to
write a policy for giving this user access to the systemd1 object.
On May 28, 2015 2:28 PM, wrote:
> I'm working on an embedded system, and I ran into a situation where a
> non-root user needs to runs systemctl, but when I
Hey Lennart-
On Tue, Feb 3, 2015 at 10:32 AM, Brandon Philips wrote:
> On Tue, Feb 3, 2015 at 10:20 AM, Lennart Poettering
> wrote:
>> I have added DefaultDependencies= for you now:
>>
>> http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f3
For context this puts a toggle on this feature added to nspawn:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=28650077f36466d9c5ee27ef2006fae3171a2430
I encouraged Jay to make it an opt-in flag so as to not break other
people who had working setups when using nspawn as a minimal ns
wrappe
On Tue, Feb 3, 2015 at 10:20 AM, Lennart Poettering
wrote:
> I have added DefaultDependencies= for you now:
>
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50
Thank you. I will work on getting Docker fixed up to fix this annoying behavior.
Brandon
Hello-
How is a user supposed to disable DefaultDependencies on a scope? From
the docs it seems like it should work:
"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."
But, in practice:
systemd-run --scope
Hey Dan-
On Thu, Jun 19, 2014 at 12:37 PM, Dan Mace wrote:
> This is on my backburner at the moment while I work on some other things.
Did you ever try things out with Go 1.3?
Thanks!
Brandon
___
systemd-devel mailing list
systemd-devel@lists.freedes
On Thu, Jun 19, 2014 at 12:37 PM, Dan Mace wrote:
> This is on my backburner at the moment while I work on some other things.
> Hitting the segfault while testing our primary use case and being unable to
> reproduce the error made me nervous enough that I don't feel comfortable
> promoting any
On Sat, Jun 14, 2014 at 8:13 AM, Zbigniew Jędrzejewski-Szmek
wrote:
> I think that designing the api in steps like this will make it harder
> to get a consistent design. The journal api is rather small, so I don't
> think it is hard to cover most of it in the initial design. In my
> experience, ge
On Tue, Jun 10, 2014 at 6:07 AM, Dan Mace wrote:
>> Subject: Re: [systemd-devel] Soliciting feedback for golang bindings to the
>> systemd journal C API
>>
>> The CoreOS crew has already done most of this work by writing a native
>> Go implementation (rather than wrapping the C APIs).
>>
>
> Can
On Mon, Jun 9, 2014 at 11:56 AM, Dan Mace wrote:
> http://fpaste.org/107299/14019224/
Hrm, odd. Was it with the given tests? I will try it out and see if I
can reproduce. I don't see anything immediately wrong in the code.
Thanks,
Brandon
___
syste
On Wed, Apr 23, 2014 at 2:36 PM, Lennart Poettering
wrote:
> This looks correct, but could you move this into job_coldplug()?
I rewrote the patch to be in job_coldplug() and tested. Patch attached.
0001-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
Description: Binary data
__
This is a better approach that was suggested by Mike and ack'd by Tom.
Some DHCP servers gives you a netmask of 255.255.255.255 so the gateway is not
routable. Other DHCP client implementations look through the existing routes to
figure out if they should add an explicit host route. See below for
Some DHCP servers gives you a netmask of 255.255.255.255 so gateway is
not routable. Make a host route instead.
This fixes the issue but the implementation is very specific. It would
probably be better to check the route table first. What do you think?
The code from dhcpcd that works around this
Also, in commit aca07 my Debian Wheezy container broke because
/usr/bin/getent doesn't understand initgroups. Is there a way to
workaround this?
On Thu, Mar 13, 2014 at 3:31 PM, Brandon Philips wrote:
> With systemd 211 nspawn attempts to create the home directory for the
> given u
With systemd 211 nspawn attempts to create the home directory for the
given uid. However, if the home directory already exists then it will
fail. Don't error out on -EEXIST.
0001-nspawn-allow-EEXIST-on-mkdir_safe-home-uid.patch
Description: Binary data
On Sun, Oct 6, 2013 at 3:10 PM, Lennart Poettering
wrote:
> So, yeah, if you respond to each UnitNew signal you get with a property
> Get/GetAll call, then this will result in endless ping pong, which is
> certainly not a good idea.
>
> What are you trying to do? Write some tool that tracks all un
/5bd36998829ca44c25c3798afd3c77c147b1ba27/gistfile1.txt
This isn't very nice because I need to explicitly guard against
getting into an infinite loop of looking up properties on non-existent
units.
Thanks,
Brandon
On Thu, Oct 3, 2013 at 6:04 AM, Brandon Philips wrote:
> On Thu, Oct 3, 2013 at 5:54 AM
On Thu, Oct 3, 2013 at 5:54 AM, Mantas MikulÄ—nas wrote:
> They do, but the state might have changed again between receiving
> PropertiesChanged and retrieving the new value.
This is OK for my current use case. I will program against
PropertiesChanged and wait for Lennart's changes that include th
Hello-
While writing against the dbus bindings I found one missing feature:
signals from org.freedesktop.systemd1.Manager on unit "ActiveState"
changes.
I can do this today by polling ListUnits but I would rather not have
my process doing this.
There are two possible APIs:
1. Distinct signal pe
I mispoke. It isn't broken I just got a warning and my container was
broken in another way. :-/
[/run/systemd/system/nspawn@.service:14] Unknown lvalue 'ControlGroup'
in section 'Service'
In any case it would be nice to remove the warning.
On Mon, Sep 16, 2013 at 7:38 A
ControlGroup= is deprecated now drop this from
systemd-nspawn@.service. Without this 206 has a broken systemd-nspawn@
unit.
0001-systemd-nspawn-drop-ControlGroup.patch
Description: Binary data
___
systemd-devel mailing list
systemd-devel@lists.freedeskt
The online help shows the keys as uppercase but the code and manpage say
lower case. Make the online help follow reality.
0001-cgtop-fixup-the-online-help.patch
Description: Binary data
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
Attaching the patch since I don't have a mail client at the moment
that can keep itself from breaking patches.
On Sat, Jul 27, 2013 at 9:55 AM, Brandon Philips wrote:
> The volatile path was '/run/systemd/systemd' when it should be
> '/run/systemd/system'. Fix.
&g
The volatile path was '/run/systemd/systemd' when it should be
'/run/systemd/system'. Fix.
---
man/systemd.unit.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index f6a0791..2f65ec6 100644
--- a/man/systemd.unit.xml
+++ b/man/sys
journalctl -f redirected to a pipe or file wasn't working for some
output formats but was working for json. It turns out only json was
doing an fflush.
Make all output formats flush.
---
src/shared/logs-show.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/shared/l
Initial commit of a tmpfiles.d manpage.
I ran it through xmllint but I don't know how to make it look pretty
like the rest of the xml files. :-P
Signed-off-by: Brandon Philips
---
Makefile.am|3 +-
man/tmpfiles.d.xml | 149 ++
27 matches
Mail list logo