Re: [systemd-devel] [RFC] the chopping block

2016-02-13 Thread Christian Seiler
On 02/13/2016 01:01 PM, Lennart Poettering wrote: > On Sat, 13.02.16 00:10, Christian Seiler (christ...@iwakd.de) wrote: > >> On 02/12/2016 10:34 PM, Lennart Poettering wrote: >>> On Fri, 12.02.16 17:49, Simon McVittie (simon.mcvit...@collabora.co.uk) >>> wro

Re: [systemd-devel] [RFC] the chopping block

2016-02-13 Thread Christian Seiler
On 02/13/2016 01:44 PM, Reindl Harald wrote: > [root@mail-gw:~]$ cat /etc/fstab | grep log > UUID=a8fc620d-8046-47a3-8b63-102c525ce5e8 /var/log ext4 defaults, noexec > 0 1 To be fair to Lennart: your specific use case, if /var/log is just a separate partition, will work perfectly fine even

Re: [systemd-devel] [RFC] the chopping block

2016-02-12 Thread Christian Seiler
On 02/12/2016 10:34 PM, Lennart Poettering wrote: > On Fri, 12.02.16 17:49, Simon McVittie (simon.mcvit...@collabora.co.uk) wrote: > >> On 11/02/16 17:06, Lennart Poettering wrote: >>> 5) Here's the controversial one I think: support for booting up >>>without /var. We have kludges at quite a

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Christian Seiler
On 21.08.2015 12:04, Jóhann B. Guðmundsson wrote: Should not the solution for this be tied to the user and group field mentioned in the unit so for example the postgresql type service unit contains... User=postgres Group=postgres Which would mean that the postgres user could

Re: [systemd-devel] Getting EOF on FD#1 stdout (a service using socat)

2015-07-27 Thread Christian Seiler
On 2015-07-27 12:31, John Lane wrote: I have a problem with what I thought would be a simple service unit: # /etc/systemd/system/socat.service [Service] ExecStart=/usr/bin/socat UDP-RECV:4321 STDOUT The expected outcome is that /usr/bin/socat UDP-RECV:4321 STDOUT is started with

Re: [systemd-devel] [PATCH 1/2] configure.ac: strip off trailing slashed from $rootprefix

2015-05-30 Thread Christian Seiler
On 05/30/2015 12:42 PM, Daniel Mack wrote: On 05/30/2015 12:31 PM, Christian Seiler wrote: Speaking of: using 'echo' for shell scripting is problematic, because while bash, busybox's sh, mksh, pdksh and zsh don't interpret escape sequences (\n, \0oo, ...) by default when using echo and invoked

Re: [systemd-devel] [PATCH 1/2] configure.ac: strip off trailing slashed from $rootprefix

2015-05-30 Thread Christian Seiler
On 05/30/2015 10:28 AM, Daniel Mack wrote: On 05/30/2015 08:50 AM, Mike Gilbert wrote: On Fri, May 29, 2015 at 8:05 PM, Daniel Mack dan...@zonque.org wrote: Make sure the variable set via --with-rootprefix= does not contain a trailing slash, so man pages can use entities like rootprefix;/lib

Re: [systemd-devel] ExecStart vs ExecStartPre

2015-05-26 Thread Christian Seiler
On 05/26/2015 11:12 PM, Steven Noonan wrote: Hi there, I'm wondering what the functional difference is between doing: ExecStartPre=/bin/foo ExecStart=/bin/bar and ExecStart=/bin/foo ExecStart=/bin/bar From my read of the systemd.service man page, they appear to have the same

Re: [systemd-devel] DefaultDependencies of [Unit]

2015-04-28 Thread Christian Seiler
On 2015-04-28 11:33, Lennart Poettering wrote: On Tue, 28.04.15 16:19, 樊超 (fcvi...@gmail.com) wrote: I want to let my service run when shutdown, and it needn't close by systemd, so can I set the DefaultDependencies of [Unit] to no? I don't understand the meaning of DefaultDependencies. It's

Re: [systemd-devel] Another attempt: Making dependencies properly overridable

2015-04-23 Thread Christian Seiler
On 04/23/2015 08:36 PM, Lennart Poettering wrote: I mean, so far the deps we set are combined from: unit file (1) + dropins(2) + .wants/ + .requires/ symlinks (3) + automatic deps

Re: [systemd-devel] Another attempt: Making dependencies properly overridable

2015-04-23 Thread Christian Seiler
On 04/23/2015 08:38 PM, Lennart Poettering wrote: On Sun, 19.04.15 09:29, Andrei Borzenkov (arvidj...@gmail.com) wrote: Unless I'm mistaken, the only real change is that Wants= will clear list, just like it does it for ExecStart=. This should be rather straightforward to implement I guess.

Re: [systemd-devel] is there a plan for NIC teaming support ?

2015-03-12 Thread Christian Seiler
On 2015-03-12 15:29, Dax Kelson wrote: Could you please explain (or link to description of) what teamd can do that bonding cannot? Table, info, benchmarks here: http://rhelblog.redhat.com/2014/06/23/team-driver/ [2] On a side note, out of curiosity: does teamd support ARP monitoring if

Re: [systemd-devel] Why don't remote file systems wait for network-online.target?

2015-03-10 Thread Christian Seiler
On 2015-03-10 12:40, Martin Pitt wrote: we got a report [1] that NFS fstab mounts (sometimes) aren't being mounted at boot as the network is still down: | mount[866]: mount.nfs: Network is unreachable | systemd[1]: mnt-server.mount mount process exited, code=exited status=32 | systemd[1]:

Re: [systemd-devel] sysv-generator: doesn't handle /etc/insserv/overrides or /etc/chkconfig.d

2015-02-16 Thread Christian Seiler
On 2015-02-16 13:59, Lennart Poettering wrote: You couldn't override init scripts that way - if you wanted to do that, you'd have to replace them completely. But if you just want to alter (or even specify for the first time for certain third-party scripts) dependency information but keep

[systemd-devel] Another attempt: Making dependencies properly overridable

2015-02-16 Thread Christian Seiler
On 2015-02-16 14:16, Lennart Poettering wrote: On Mon, 16.02.15 14:13, Michael Biebl (mbi...@gmail.com) wrote: Not quite. While you can use drop-in snippets to amend orderings/depends, it's (unfortunately) not possible to override Wants=,Before= etc. There have been discussions to allow

Re: [systemd-devel] sysv-generator: doesn't handle /etc/insserv/overrides or /etc/chkconfig.d

2015-02-16 Thread Christian Seiler
Hi, Would you accept a patch that makes the sysv-generator consider these local overrides? (I have a test patch just for insserv/overrides that's diffstat +14 -8; for chkconfig.d it would be a bit longer, because you can override individual settings there (and not just all of them at

Re: [systemd-devel] sysv-generator: doesn't handle /etc/insserv/overrides or /etc/chkconfig.d

2015-02-16 Thread Christian Seiler
resending, didn't go to list the first time (sorry for the duplicate) On 16.02.2015 at 12:00, Jóhann B. Guðmundsson wrote: In the simplest case, the init script is trivial and you just create a simple native service and are better off anyway. But most of the time, init scripts where you want

[systemd-devel] sysv-generator: doesn't handle /etc/insserv/overrides or /etc/chkconfig.d

2015-02-15 Thread Christian Seiler
Hi, I just noticed that sysv-generator doesn't handle /etc/insserv/overrides (e.g. older SuSE, Debian) or /etc/chkconfig.d (e.g. RHEL = 6, Centos, old Fedora), it just ignores it, thus not retaining administrator overrides to init script headers. Now obviously, one can create a native unit file

Re: [systemd-devel] Container, private network and socket activation

2015-02-03 Thread Christian Seiler
On 03.02.2015 at 22:06, Lennart Poettering wrote: Socket activation is something daemons need to support explicitly. Many do these days, but I don't think Apache is one of them. FYI: all released versions (i.e. up to 2.4.x) of Apache httpd don't support it yet, but the current development

Re: [systemd-devel] [PATCH v2 1/2] systemd.unit(5): add examples for common tasks

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 19:12, Lennart Poettering wrote: On Tue, 27.01.15 17:45, Christian Seiler (christ...@iwakd.de) wrote: Add examples for (a) making units enableable and (b) overriding vendor settings to the man page. I am not a native english speaker, but I am not sure there's a word like

Re: [systemd-devel] [PATCH 2/2] logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 19:02, Lennart Poettering wrote: Merged this one too, made some changes first however. I reworked this to use our chmod_and_chown() helper, and removed the bit that checks whether the mount point actually was a mount point after umount2(). I really prefer if we can just check

[systemd-devel] [PATCH v3] systemd.unit(5): add examples for common tasks

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 19:32, Lennart Poettering wrote: On Tue, 27.01.15 19:26, Christian Seiler (christ...@iwakd.de) wrote: Will send second patch after your response to my question. Uh, which question are you precisely referring to? Forget it, I answered that question myself and forgot to edit

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-27 Thread Christian Seiler
On a general note: the stuff I mentioned that I did to modify the container was just taken from the lxc-debian template that comes with LXC 1.0, and I didn't have time to look at it thoroughly to see what's actually needed there. The stuff I mentioned was more along the lines of 'what I did to get

[systemd-devel] [PATCH v3] systemd.service(5): add some simple examples

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 21:45, Lennart Poettering wrote: On Tue, 27.01.15 17:45, Christian Seiler (christ...@iwakd.de) wrote: +paraNote that systemd assumes here that the +program will continue running in the foreground +as long

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 14:46, Lennart Poettering wrote: Note that $container_ttys= is actually just a frontend for dynamically instantiating console-getty@.service instances for the specified ptys. You can just enable them statically too. No, I can't, because you only support PTY numbers in that

Re: [systemd-devel] Examples in man pages

2015-01-27 Thread Christian Seiler
Just a heads-up: while reading the Unwants thread I noticed that dependencies are the only types of lists in unit files that can't be reset, so my example in there actually doesn't work, so please don't commit my patch just now. I'm writing more examples and will resubmit anyway. Christian

Re: [systemd-devel] Unwants

2015-01-27 Thread Christian Seiler
On 27.01.2015 at 15:45, Zbigniew Jędrzejewski-Szmek wrote: On Tue, Jan 27, 2015 at 01:36:41PM +0100, Lennart Poettering wrote: Dependencies are always additive and coalescing currently. We don't track which configuration file or automatic logic created which dependency, and hence it is not

[systemd-devel] [PATCH v2 2/2] systemd.service(5): add some simple examples

2015-01-27 Thread Christian Seiler
Add a couple of examples, at least one for each service type that include some explanations and pointers to various relevant options. --- man/systemd.service.xml | 332 1 file changed, 332 insertions(+) diff --git a/man/systemd.service.xml

[systemd-devel] [PATCH v2 1/2] systemd.unit(5): add examples for common tasks

2015-01-27 Thread Christian Seiler
Add examples for (a) making units enableable and (b) overriding vendor settings to the man page. --- man/systemd.unit.xml | 164 +++ 1 file changed, 164 insertions(+) diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index e820b33..8714f70

Re: [systemd-devel] Examples in man pages

2015-01-24 Thread Christian Seiler
On 24.01.2015 at 15:18, Zbigniew Jędrzejewski-Szmek wrote: On Sat, Jan 24, 2015 at 02:13:00PM +0100, Christian Seiler wrote: +example +titleMaking a unit enableable/title + +paraThe following snippet makes a unit

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-23 Thread Christian Seiler
On 23.01.2015 at 18:57, Lennart Poettering wrote: On 2015-01-23 08:29, Mantas Mikulėnas wrote: IIRC, the reason for tmpfs on /run/user/* was lack of tmpfs quotas... if that's still a problem, maybe there could be one tmpfs at /run/user, still preventing users from touching root-only /run?

Re: [systemd-devel] service.d/.conf files and multi-valued options

2015-01-23 Thread Christian Seiler
On 2015-01-23 14:27, Lennart Poettering wrote: Yes, it does, although only in the general systemd.unit(5), not in the specific options, so maybe it's not that easy to find. Actually, it kinda says it in the specific options. From the explanation of ExecStart=: ...If the empty string is

Re: [systemd-devel] service.d/.conf files and multi-valued options

2015-01-23 Thread Christian Seiler
On 2015-01-23 12:21, Matthias Urlichs wrote: Igor Bukanov: It is not clear from the systemd.unit manual page what happens when foo.service.d/bar.conf sets an option like Service/ExecStartPre that can be specified multiple times. From experimenting I see that *.conf files supply additional

[systemd-devel] [PATCH 1/2] logind: remove per-user runtime dir again if setup fails

2015-01-23 Thread Christian Seiler
If setup of per-user runtime dir fails, clean up afterwards by removing the directory before returning from the function, so we don't leave the directory behind. If this is not done, the second time the user logs in logind would assume that the directory is already set up, even though it isn't.

[systemd-devel] [PATCH 2/2] logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM

2015-01-23 Thread Christian Seiler
In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs (or any filesystem for that matter) on top of /run/user/$UID. Previously, logind just failed in such a situation. Now, logind will resort to chown+chmod of the directory instead. This allows logind still to work in those

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-23 Thread Christian Seiler
On 2015-01-23 08:29, Mantas Mikulėnas wrote: IIRC, the reason for tmpfs on /run/user/* was lack of tmpfs quotas... if that's still a problem, maybe there could be one tmpfs at /run/user, still preventing users from touching root-only /run? Yes, that's a good idea. Initially when posting

[systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-22 Thread Christian Seiler
I've been playing around with systemd on Debian Jessie in CAP_SYS_ADMIN-less and I came upon the following issue[1]: Without CAP_SYS_ADMIN, logind is unable to mount a per-user tmpfs to /run/user/$UID. Relevant journal messages: systemd-logind[48]: Failed to mount per-user tmpfs directory

Re: [systemd-devel] Shutdown problems

2014-11-07 Thread Christian Seiler
On 2014-11-07 04:07, Nikolaus Rath wrote: $ cat /lib/systemd/system-shutdown/debug.sh #!/bin/sh exec >/shutdown.log exec 2>&1 mount -o remount,rw / Well, you need to mount / rewrite *before* redirecting output into a file. Try putting the 'mount -o remount,rw /' line to the top of the script

Re: [systemd-devel] [PATCH v3] systemctl: add edit verb

2014-10-22 Thread Christian Seiler
On 2014-10-22 10:36, Lennart Poettering wrote: We can do this for the pager because there is no arguments to give, here we have a list of paths. Thinking about this: are all those editors actually fine with editing multiple files at once? is nano? I know for certain that nano, vim, emacs,

Re: [systemd-devel] [PATCH] Apply ProtectSystem to non-merged /usr directories

2014-10-21 Thread Christian Seiler
On 2014-10-20 17:05, Lennart Poettering wrote: I am sorry, but this is nothing we want to support. Monopolizing the OS in /usr is what makes ProtectSystem= work. If you split things up into many dirs then you will simply not get the same level of protection. We will not try to list every

Re: [systemd-devel] [PATCH] Apply ProtectSystem to non-merged /usr directories

2014-10-21 Thread Christian Seiler
On 2014-10-21 14:28, Lennart Poettering wrote: We explicitly make no assumptions on /opt because nobody knows right now what it is supposed to be... Sure, I wasn't disputing that point. Same for /usr, /bin, /sbin, and the other stuff Martin's patch added: we cannot make assumptions about

[systemd-devel] [PATCH] cryptsetup: Support key-slot option

2014-01-26 Thread Christian Seiler
Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of

[systemd-devel] Have timers fire after boot is complete

2012-09-27 Thread Christian Seiler
Hello, one of the most-requested features that is not present in systemd currently is a true rc.local-type functionality that runs after all other services. I haven't read all past discussions, but from what I've gathered the main objection from the systemd developers is that having a catch-all

Re: [systemd-devel] Have timers fire after boot is complete

2012-09-27 Thread Christian Seiler
On 27.09.2012 12:07, Jóhann B. Guðmundsson wrote: On 09/27/2012 08:33 AM, Christian Seiler wrote: one of the most-requested features that is not present in systemd currently is a true rc.local-type functionality that runs after all other services. Any particular reason why those user just

Re: [systemd-devel] Have timers fire after boot is complete

2012-09-27 Thread Christian Seiler
I haven't read all past discussions, but from what I've gathered the main objection from the systemd developers is that having a catch-all After=* dependency would not be the sane thing to do. Can you just use a Type=idle unit? From man systemd.service: Behavior of idle is very similar to

Re: [systemd-devel] Have timers fire after boot is complete

2012-09-27 Thread Christian Seiler
If you want to run a script in the very end of everything you simply order it after the default target as in [Unit] Description=My custom script After=default.target [Service] Type=oneshot ExecStart=/path/to/my/custom/script [Install] WantedBy=default.target Hmmm, I remember vaguely that