Re: [systemd-devel] RFC: Passing on initial client user in systemd-userdbd

2022-11-29 Thread Lennart Poettering
erdbd drops all > capabilities, and sending SO_PASSCRED requires CAP_SYS_ADMIN… > > What do we do about that? Just add the capability to the service unit file. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] RFC: Passing on initial client user in systemd-userdbd

2022-11-28 Thread Lennart Poettering
not bother with this at all, since the kernel will attach this info anyway if needed. Only impersonators need to attach SCM_CREDENTIALS explicitly, and userdb should be one of these impersonators. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] RFC: Passing on initial client user in systemd-userdbd

2022-11-28 Thread Lennart Poettering
the varlink API please report the SCM_CREDENTIALS ucred separately from the SO_PEERCRED though (i.e. from the current ucreds we already store). For various purposes it is interesting to know the identity of the process initiating the connection, if it's different from the process actually sending messages over it. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] RFC: Passing on initial client user in systemd-userdbd

2022-11-25 Thread Lennart Poettering
: automatic translation of UIDs by the kernel in regards to userns, and the kernel will implicitly validate for us whether the on-behalf-of impersonation shall be allowed or not. Does that make sense? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Some questions on userdbd and providing a compatible service

2022-11-24 Thread Lennart Poettering
end to make > homed start managing the home directory for this user? Nope, currently not. homed is a *provider* of user records, not a consumer. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Some questions on userdbd and providing a compatible service

2022-11-24 Thread Lennart Poettering
as a lot on implicit and explicit state attached to the PAM handle... And you can have PAM conversations and so on (i.e. prompting arbitrary questions) which makes PAM compat really really messy... Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Some questions on userdbd and providing a compatible service

2022-11-24 Thread Lennart Poettering
ed on > verbatim, or stripped, or cause an error preventing the User Record > from being handled at all? It's supposed to be extensible. → https://systemd.io/USER_RECORD/#extending-these-records Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Some questions on userdbd and providing a compatible service

2022-11-24 Thread Lennart Poettering
to be >static. Are there any ideas around here where such a token could be >stored during the user session? Kernel keyring for the user? It's where kerberos stuff is stored, and is probably the best place. The API is a bit convoluted, but this has been done before. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Prevent firmware from falling back to next EFI boot option on secure boot failure?

2022-11-23 Thread Lennart Poettering
On Mi, 23.11.22 17:56, Lennart Poettering (lenn...@poettering.net) wrote: > > If this is a bug, I'd be willing to attempt a pull request submission > > if a suggested fix is given. Overall we like the functionality > > sd-boot provides and the integration with systemd,

Re: [systemd-devel] Prevent firmware from falling back to next EFI boot option on secure boot failure?

2022-11-23 Thread Lennart Poettering
; if a suggested fix is given. Overall we like the functionality > sd-boot provides and the integration with systemd, but this is likely > a hard requirement for our use case. Yes please file an issue on github first, and this does sound a lot like something we should fix, hence a PR that addresses this would be more than welcome, too. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Prevent firmware from falling back to next EFI boot option on secure boot failure?

2022-11-23 Thread Lennart Poettering
tirely sure this works correctly though. There might be a bug lurking somewhere. It's simply not a case we regularly test for. But it should be a case that just works. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] dependent services status

2022-11-21 Thread Lennart Poettering
parent process when the main service process finished startup. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Preventing automatic driver loading on live boot disk

2022-11-18 Thread Lennart Poettering
On Do, 17.11.22 21:41, Andrei Borzenkov (arvidj...@gmail.com) wrote: > On 17.11.2022 20:48, Lennart Poettering wrote: > > On Do, 17.11.22 18:17, Vadim Lebedev (vadiml1...@gmail.com) wrote: > > > > > Awesome, thanks, it is EXTREMELY useful > > > | Find the rig

Re: [systemd-devel] Preventing automatic driver loading on live boot disk

2022-11-17 Thread Lennart Poettering
s, like you already are using. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Preventing automatic driver loading on live boot disk

2022-11-17 Thread Lennart Poettering
dalias string. You can denylist that string for your hw and thus disable the autoloading. Use "grep . /sys/bus/*/*/*/modalias" to get a list of the actual modalias strings requested on your system. The one nouveau.ko matched against will be among them. Find the right one and denylist it. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-repart with multiple block devices

2022-11-17 Thread Lennart Poettering
spect that or even respond to you then. Public mailing lists have public archives, they are not confidential, hence do not send an email to it you expect to remain confidential. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Antw: [EXT] [systemd-devel] starting networking from within single user mode?

2022-11-14 Thread Lennart Poettering
On Mo, 14.11.22 15:06, Michael Biebl (mbi...@gmail.com) wrote: > Yeah, can we please block this Ulrich Windl guy. > He's been more of a nuisance than a benefit to this community. I have put him on moderation now. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] starting networking from within single user mode?

2022-11-11 Thread Lennart Poettering
as to overcome systemd's > misconception that the root account was locked. systemd doesn't manage your root user. That's between you and "shadow-utils" really. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] starting networking from within single user mode?

2022-11-11 Thread Lennart Poettering
tc. > > When I try to start networking with 'systemctl', I see this error: > > systemd "failed to connect to bus; No such file or directory" > > What can I do to minimally bring up the networking service? I don't even > have any network devices at this point... You can

Re: [systemd-devel] Warning "Supervising process..." due to SIGCHLD from grand-parent

2022-10-31 Thread Lennart Poettering
On Mo, 31.10.22 11:40, Lennart Poettering (lenn...@poettering.net) wrote: > This is almost certainly a bug in chrony. If you use Type=forking, > then the process that systemd forks off (let's call it "P") should > wait until all of the below holds: > > 1. The middl

Re: [systemd-devel] Warning "Supervising process..." due to SIGCHLD from grand-parent

2022-10-31 Thread Lennart Poettering
orking, then the process that systemd forks off (let's call it "P") should wait until all of the below holds: 1. The middle child P' has exited 2. The grandchild (and main daemon process) P'' is running 3. The PID file has been successfully written to contain the PID of P''. That all said, it's 2022, maybe chrony should just use Type=notify and sd_notify() like any modern code? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Antw: Re: Antw: [EXT] Re: SOLVED: daemon-reload does not pick up changes to /etc/systemd/system during boot

2022-10-24 Thread Lennart Poettering
ly tells > > starting multi-user.target via ExecStart=systemctl start starts all depending > units, and probably one of those starts the multi-user.target again. > That's what I call recursive. If you enqueue a unit for starting while it is already enqueued for starting this has no effect. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-container: Trying to use a bookworm chroot with a buster host fails / Failed to create /init.scope control group

2022-10-20 Thread Lennart Poettering
nto cgroupsv1 mode as the host (by adding systemd.unified_cgroup_hierarchy=no to the nspawn cmdline, does that work?" Also, please provide the relevant output from "strace -f -s 500 -y -o /tmp/log.strace" (put on some pastebin) Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd.mount - How to disable the auto-creation of the directory (directories)

2022-10-20 Thread Lennart Poettering
an error? Add a .mount drop-in for your unit that sets AssertPathExists= to your path in the [Unit] section. i.e. create /etc/systemd/system/mnt-x.mount.d/50-myassert.conf, and add: [Unit] AssertPathExists=/mnt/x into it. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Antw: [EXT] Finding network interface name in different distro

2022-10-19 Thread Lennart Poettering
running Alma 8 it's eno1. > > Wasn't the idea of "BIOS device name" that the interface's name > matches the label printed on the chassis? Yes, but not all devices have the necessary firmware metadata. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Finding network interface name in different distro

2022-10-19 Thread Lennart Poettering
eeds to > be installed. This will yield the traditional ethX, wlanX, etc interface > names that are ordered by default the way they used to be. Of course, this > does not scale well when you have hotplug devices with many pci ports and > ethernet cards if you ever need to replace one c

Re: [systemd-devel] Finding network interface name in different distro

2022-10-19 Thread Lennart Poettering
_NAME is not always present, so I don't have a good > solution for now. > (I'm assuming policy kernel can be ignored on amd64 servers, maybe > I'm wrong) udev will rename interfaces it finds based on the data in ID_NET_NAME. If the ID_NET_NAME prop is never set, then udev won't rename the interface. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] limiting NFS activity

2022-10-18 Thread Lennart Poettering
bly not attributed back to a process and hence a cgroup. You might want to ask the NFS community about that. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-container: Trying to use a bookworm chroot with a buster host fails / Failed to create /init.scope control group

2022-10-16 Thread Lennart Poettering
On So, 16.10.22 21:02, Michael Biebl (mbi...@gmail.com) wrote: > Am So., 16. Okt. 2022 um 16:23 Uhr schrieb Lennart Poettering > : > > > > On Fr, 14.10.22 22:57, Michael Biebl (mbi...@gmail.com) wrote: > > > > > Hi, > > > > > > since the iss

Re: [systemd-devel] user unit with delayed users homes mount - ?

2022-10-16 Thread Lennart Poettering
where $HOME must be mounted at the latest, and then systemd --user gets started off it and the user's login session is allowed to begin. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-container: Trying to use a bookworm chroot with a buster host fails / Failed to create /init.scope control group

2022-10-16 Thread Lennart Poettering
systemd should discover everything on its own and just work when run in an older container manager/cgroup environment. But it's not something we would regularly test. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Finding network interface name in different distro

2022-10-16 Thread Lennart Poettering
-naming-scheme man page) Use "udevadm info /sys/class/net/" to query the udev db for automatically generated names. Relevant udev props to look out for are: ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH ID_NET_NAME_MAC These using hwdb info, firmware info, slot info, device path info or MAC address for naming. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] daemon-reload does not pick up changes to /etc/systemd/system during boot

2022-10-13 Thread Lennart Poettering
ed dep will be started if not running. It means "systemctl stop" of a dependent service will be immediately undone though, i.e. it has quite different semantics from the usual Wants=. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-udevd -any way to list triggered rules with their files etc ?

2022-10-10 Thread Lennart Poettering
n > /dev/bus/usb/00x/00y gets created with MODE=0640 and root:usb As mentioned elsewhere, what's a usbfs file, not a netif. network interfaces have no ownership concept. > I'm at a loss here. How is one supposed to get more detailed info on > what's and WHY is going on with systemd-udevd tree processing ? if you boot up with "debug" you should get tons of debug output to wade through. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Attaching virtual session (e.g. SSH) to seat

2022-10-10 Thread Lennart Poettering
one in the fg and all others in the bg, but any of them could be put in the fg any time. but that simply makes no conceptual sense if an SSH session is in the mix. Sorry if that's disappointing. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-repart help requested please

2022-10-10 Thread Lennart Poettering
heir own, and wouldn't mind sharing. Happy to help! We should probably open a group chat somewhere for people who want to build images like that. Since I am usually at home in Signal for things like that, maybe we should open a chat room there for that? (nah, not an IRC fan, not gonna return there, sorry) Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] prevent systemd-journald rotating message

2022-10-10 Thread Lennart Poettering
acd/system.journal: > Journal header limits reached or header out-of-date, rotating. No, we have no concept of turning off individual log messages. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Is it possible to let systemd create a listening socket and yet be able to have that socket activate nothing, at least temporarily?

2022-10-10 Thread Lennart Poettering
service`. And then add `ConditionFileExists=!/some/touch/file` to `foo-upgrade.service` to make it a NOP if things have already been updated, using a touch file. (some better, smarter condition check might work as well, see man pages of things systemd can check for you). Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Connect /usr/bin/init to docker container's STDOUT/STDIN

2022-09-30 Thread Lennart Poettering
ll container managers implement this more or less. Just Docker does not... You might be able to replace docker with podman, where supposedly all this just works out of the box. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] networkd D-Bus API for link up/down?

2022-09-22 Thread Lennart Poettering
you don't want to bother with rtnetlink for that you could even use the old BSD ioctls, i.e. SIOCSIFFLAGS. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] path service ExecStart arguments

2022-09-22 Thread Lennart Poettering
debugging, then things should be implemented differently, i.e. you get called and then scan yourself what is in the directory you watch. That makes things robust towards lost events. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Compile Standalone binaries

2022-09-22 Thread Lennart Poettering
Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] boot-complete.target dependencies issue

2022-09-17 Thread Lennart Poettering
means rule #2 won't take effect anymore. With that in place things should just work (untested, but afaics), as it means s-b-c-n-f.s can run after multi-user.target, and then boot-complete.target after that, and then finally your service. Does that make sense? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Real-time scheduling doesn't work with StartupCPUWeight/CPUWeight

2022-09-17 Thread Lennart Poettering
he threads are created and configured after the startup > phase has finished. Please consult README, look for comment on CONFIG_RT_GROUP_SCHED=n. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] /run/systemd/propagate/example.service deletion

2022-09-15 Thread Lennart Poettering
gs considered, shouldn’t these directories be deleted after a service > stops? This is probably a bug. Can you please file an issue on systemd github about this? https://github.com/systemd/systemd/issues/new?assignees==bug+%F0%9F%90%9B=bug_report.yml Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] socket activation socket context when using SELinuxContextFromNet

2022-09-14 Thread Lennart Poettering
nerally not. Sorry, if that's disappointing. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-network and loopback

2022-09-09 Thread Lennart Poettering
so that it ends up on local sockets. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] socket activation selinux context on create

2022-09-02 Thread Lennart Poettering
t that. (consider filing an RFE issue on github, so that this is tracked) Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] socket activation selinux context on create

2022-08-26 Thread Lennart Poettering
o you?. I've also posted to the selinux list but > haven't gotten any responses yet. Uh, that's a question for the selinux people. I only have a limited insight into selinux, and wouldn't know how to do such things. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Ordering units and targets with devices

2022-08-25 Thread Lennart Poettering
ed in libfido2 though, it will now take a BSD lock on the device while talking to it, thus synchronizing access properly. See this bug: https://github.com/systemd/systemd/issues/23889 Maybe it's sufficient to update libfido2 on your system? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Ordering units and targets with devices

2022-08-25 Thread Lennart Poettering
. I do have a /etc/crypttab file. systemd-cryptsetup can wait on its own for a FIDO2 token, no need to do that with unit deps? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Are logs at /run/log/journal automerged?

2022-08-25 Thread Lennart Poettering
ith boot). > > Is my guess correct? Logs at /run/log/journal are automerged, logs at > /var/run/journal aren't. As mentioned above, when the logs are flushed from /run/ to /var/ in systemd-journal-flush.service they are merged into one new journal file, which is located in the machine I

Re: [systemd-devel] socket activation selinux context on create

2022-08-25 Thread Lennart Poettering
assigned should be encoded in the database and in the policy but not elsewhere, i.e. in unit files. I think that philosophy does make sense. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] nfs-convert.service

2022-08-22 Thread Lennart Poettering
ee every nfs related service dependent on nfs-convert.service Did you issue "systemctl daemon-reload"? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] What is the shutdown sequence with systemd and dracut?

2022-08-15 Thread Lennart Poettering
ck into an initrd env. Hence for them PID 1 during shutdown first transitions from the service manager into systemd-shutdown, and then from there into the initrd script, and then back into systemd-shutdown. I like their approach. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Antw: [systemd‑devel] Antw: [EXT] What is the shutdown sequence with systemd and dracut?

2022-08-15 Thread Lennart Poettering
the in > > initrd, right? > > Sorry: s/mist the in/must be in the" systemd-shutdown actually pivots the rootdir into the /run/initramfs subdir, when invoking the initrd shutdown script. Thus at that point all fs paths refer to subdirs below /run/initramfs. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] What is the shutdown sequence with systemd and dracut?

2022-08-15 Thread Lennart Poettering
boot/poweroff/kexec. Nah, the killing of processes it already did between steps 2 and 3. Also, as mentioned systemd-shutdown doesn't run at this time anymore. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-nspawn container not starting on RHEL9.0

2022-08-10 Thread Lennart Poettering
t, you should see the copy_file_range() stuff there. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-nspawn container not starting on RHEL9.0

2022-08-10 Thread Lennart Poettering
btrfs with ENOTTY, and given you have xfs this is behaving as it should. It then starts copying things manually, which is slow. i.e. it's then basically doing what "cp -a" does. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-nspawn container not starting on RHEL9.0

2022-08-04 Thread Lennart Poettering
appreciate any help/references. Try straceing nspawn, to see what it does. strace -f -y -s 500 -o /tmp/nspawnstrace.log systemd-nspawn … Then look at the generated log and see what is busy doing... If unsure paste things somewhere. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd-nspawn container not starting on RHEL9.0

2022-08-04 Thread Lennart Poettering
t might hence simply be that we are busy individually copying all files... Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] How can we debug systemd-gpt-auto-generator failures?

2022-07-28 Thread Lennart Poettering
IFDIR|0755, st_size=0, ...}) = 0 > close(3)= 0 > openat(4, "0:0", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT (No > such file or directory) > close(4) > > So it's trying to open() /sys/dev/block/0:0, but my system does not > have that dev

Re: [systemd-devel] Antw: [EXT] Re: Feedback sought: can we drop cgroupv1 support soon?

2022-07-28 Thread Lennart Poettering
gurable. Kernel command line option systemd.unified_cgroup_hierarchy=yes|no Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] sd_bus_process semantics

2022-07-25 Thread Lennart Poettering
caller. Only messages that no registered handler has indicated "ownership" in will be returned to the caller. I guess we should document that. Added to TODO list. The idea is basically that you have two choices for processing messages: install a filter/handler, or process them via sd_bus_process() returns. Pick one. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

2022-07-22 Thread Lennart Poettering
On Fr, 22.07.22 12:15, Lennart Poettering (mzerq...@0pointer.de) wrote: > > I guess that would mean holding on to cgroup1 support until EOY 2023 > > or thereabout? > > That does sound OK to me. We can mark it deprecated before though, > i.e. generate warnings, and remove

Re: [systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

2022-07-22 Thread Lennart Poettering
On Fr, 22.07.22 12:37, Wols Lists (antli...@youngman.org.uk) wrote: > On 22/07/2022 11:15, Lennart Poettering wrote: > > > I guess that would mean holding on to cgroup1 support until EOY 2023 > > > or thereabout? > > > That does sound OK to me. We can mark it dep

Re: [systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

2022-07-22 Thread Lennart Poettering
same system as one will only work on cgroup1 and the > other only on cgroup2. I am pretty sure this works fine with nspawn... > I guess that would mean holding on to cgroup1 support until EOY 2023 > or thereabout? That does sound OK to me. We can mark it deprecated before though, i.e. generat

Re: [systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

2022-07-22 Thread Lennart Poettering
support, once the age difference is beyond some boundary. The question is at what that boundary is. Much the same way as we have a baseline on kernel versions systemd supports (currently 3.15, soon 4.5), we probably should start to define a baseline of what to expect from a container manager. Lennart -- Lennart Poettering, Berlin

[systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

2022-07-21 Thread Lennart Poettering
*will* come eventually either way, but what's still up for discussion is to determine precisely when. hence, please let us know! Thanks, Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Issues with /usr GPT auto-mount

2022-07-14 Thread Lennart Poettering
On Do, 14.07.22 12:40, Michael Cassaniti (mich...@cassaniti.id.au) wrote: > Should I at least raise a feature request in GitHub? Please do! Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Issues with /usr GPT auto-mount

2022-07-14 Thread Lennart Poettering
lls in the gap. (In my own usecase I always used usrhash= on the kernel cmdline, to pin a specific /usr/ fs to a specific kernel, thus /usr/ auto discovery was never needed, but we should definitely support that too) Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Antw: [EXT] Re: [systemd‑devel] Running actual systemd‑based distribution image in systemd‑nspawn

2022-07-11 Thread Lennart Poettering
e. concept 1 should always be done. If you then also adopt concept 2 is up to you. You can, but you don't have to. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Service output missing from journal?

2022-07-04 Thread Lennart Poettering
On Mo, 04.07.22 23:15, Michael Biebl (mbi...@gmail.com) wrote: > Am Mo., 4. Juli 2022 um 19:36 Uhr schrieb Lennart Poettering > : > > > > On So, 03.07.22 19:29, Uwe Geuder (systemd-devel-ugeu...@snkmail.com) > > wrote: > > > > > Hi! > > > >

Re: [systemd-devel] Service output missing from journal?

2022-07-04 Thread Lennart Poettering
The problem was originally noted in a somewhat loaded system. However, > above reproducer (including the 2 echo commands and a shorter sleep) > shows the same problem even on an idling machine. https://github.com/systemd/systemd/issues/2913 Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] show container limits?

2022-07-04 Thread Lennart Poettering
ot use systemd tools to inspect or manage resources. You can use "systemd-cgtop" to show current resource usage of any cgroup (regardless if managed by systemd or not), but it doesn't show limits being enforced, but that would probably make sense to add... Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Unable to check 'effective' cgroup limits

2022-07-04 Thread Lennart Poettering
and read what's set there, for now? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] homed: Purpose of assert(!h->current_operation)

2022-07-04 Thread Lennart Poettering
allow exactly one operation to be executed at once, and all other ones are queued. Thus, when we start to execute one operation we check that there is none already being executed, because if it was, then there's a bug somewhere. Why do you ask? did you actually see the assertion being hit? L

Re: [systemd-devel] Waiting for network routes to appear

2022-07-04 Thread Lennart Poettering
s to me you should ask the "bird" project for this functionality instead? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] mkosi inside a toolbox container

2022-07-04 Thread Lennart Poettering
u have to fix the kernel to properly virtualize block devices for kernels. Good luck! Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] capabilities for systemd --user

2022-07-04 Thread Lennart Poettering
passed. It might be a slight compat breakage, but I think it would be safer that way, as the service execution environment becomes more uniform then. Security credentials should be passed down to user services opt-in, not opt-out after all. Can you prep a patch for that and submit via github? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] https://github.com/QubesOS/qubes-issues/issues/7335

2022-07-04 Thread Lennart Poettering
ly. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] [libudev] is there a function to filter message from kernel with property and value

2022-07-04 Thread Lennart Poettering
ould use tags instead. Also, libudev is obsolete and does not receive new additions. Use the sd-device API instead. -- Lennart Poettering, Berlin

Re: [systemd-devel] Unit shutdown order not always respected

2022-07-01 Thread Lennart Poettering
ally you probably have some ordering cycle between units, which we'll try to fix for you, but which will of course mean the ordering is not going to be executed in full. See: https://freedesktop.org/wiki/Software/systemd/Debugging/#diagnosingshutdownproblems Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Running actual systemd-based distribution image in systemd-nspawn

2022-06-30 Thread Lennart Poettering
s, --bind=/dev/null:/etc/fstab > > allows boot to complete. Of course next it refuses root login because > pts/0 is not secure :) pam_securetty is archaic cruft, and a broken idea. Please work with your distribution to remove it. It might have made some vague sense on 1980's fixed line terminal environments, but is security theatre and a nothing more than a nuisance in today's world. Modern distributions do not enable it anymore. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Running actual systemd-based distribution image in systemd-nspawn

2022-06-30 Thread Lennart Poettering
cessing!) and see if that helps? No need. Should happen automatically. That said: I strongly recommend that distros ship empty /etc/fstab by default, and rely on GPT partition auto discovery (i.e. systemd-gpt-auto-generator) to mount everything, and only depart from that if there's a strong re

Re: [systemd-devel] Running actual systemd-based distribution image in systemd-nspawn

2022-06-30 Thread Lennart Poettering
units > inside of container (it stops in single user allowing me to use sysctl > -t device). > > Is it supposed to work at all? Even if I bind mount /dev/disk it does > not help as systemd does not care whether device is actually present or not. Yes, this should just work. I

Re: [systemd-devel] Questions around cgroups, systemd, containers

2022-05-21 Thread Lennart Poettering
enabled? enabled *in* *what*? in the kernel? /proc/cgroups. Mounted? "mount" maybe? in your container mgr? depends on that. > - What is it that determines which controllers are enabled? Is it kernel > configuration applied at boot? Enabled where? > - Is it possible to h

Re: [systemd-devel] systemd-cryptsetup@.service crash during boot with fido2-device=auto

2022-05-18 Thread Lennart Poettering
; /etc/crypttab or I have tpm2-device=auto the service succeeds - but > won't use the fido device.. And that's probably obvious for everyone > here but I'm stumped. hmm, fido? or tpm? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Should `MACAddressPolicy=persistent` for bridges/bonds/all-software-devices be reconsidered?

2022-05-12 Thread Lennart Poettering
set yet. This means cloud providers can control the machine ID a system will use ahead of time. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Should `MACAddressPolicy=persistent` for bridges/bonds/all-software-devices be reconsidered?

2022-05-12 Thread Lennart Poettering
so, afaik OSes that run in clouds all have some tool like cloud-init or ignition or so, which generate .network files in /run with the right configuration. Why not generate .link files in /run the same way with a MAC policy appropriate for the cloud provider? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
On Di, 10.05.22 18:29, Kamil Jońca (kjo...@op.pl) wrote: > Lennart Poettering writes: > > > On Di, 10.05.22 17:59, Kamil Jońca (kjo...@op.pl) wrote: > > > >> Maybe I was not clear. > >> I have ("internal") interfaces qemu1 and qemu2. and interface et

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
need to involve networkd. Just define the firewall outside of > > networkd? > Of course. Like most nontrivial things I want to do. > That was my point. But why involve a callout at all if it's not dynamic? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
On Di, 10.05.22 17:46, Kamil Jońca (kjo...@op.pl) wrote: > Lennart Poettering writes: > > > On Di, 10.05.22 12:00, Kamil Jońca (kjo...@op.pl) wrote: > > > >> > The engine is decided at build time, i.e. can be either iptables or > >> > nftables

Re: [systemd-devel] systemd tries to terminate a process that seems to have exited

2022-05-10 Thread Lennart Poettering
ncient... i figure this then also means you are stuck with cgroupv1. Which means cgroup empty notifications in containers typically don't work. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd tries to terminate a process that seems to have exited

2022-05-10 Thread Lennart Poettering
in cgroupsv1 mode. cgroup empty notifications do not work reliably in containers on cgroupsv1. Use cgroupsv2. (but i think docker doesn't support that) Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd tries to terminate a process that seems to have exited

2022-05-10 Thread Lennart Poettering
1 (or did that change?) i see no perspective there. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
> 2. nat based on destination network. > > I want to nat only traffic to say, 192.168.10.0/24, leaving rest > untouched. (This is case when I have ipsec tunnel and I want to nat only > traffic to other endpoint) If this does not deal in interfaces, but in IP addresses instead, no need to involve networkd. Just define the firewall outside of networkd? Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
before upping the iface. networkd always wants a complete, declarative idea of what it is supposed to configure, so that it can adjust things to that. by doing callouts that modify state you lose that ability, since networkd never has a complete idea of what is supposed to be in effect, and once you reload config things will be very confusing. Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] Relationship between cgroup hierarchy and slice names

2022-05-10 Thread Lennart Poettering
On Do, 05.05.22 19:12, Yeongjin Kwon (yeongjink...@gmail.com) wrote: > On Thu, May 5, 2022 at 11:17 AM Lennart Poettering > wrote: > > > > On Do, 05.05.22 10:44, Yeongjin Kwon (yeongjink...@gmail.com) wrote: > > > > > On Wed, May 4, 2022 at 4:03 A

Re: [systemd-devel] [SPAM] Re: Custom options and passing options via command line.

2022-05-10 Thread Lennart Poettering
rety: if you muck with what it sets up it likely will override > > your changes sooner or later, when some event happens... you have a > > I do not want interfere with interfaces "per se" I simply want to get > some info from systemd and pass it to dnsmasq (for DNS) or nftables (for > filtering) . That's it. You started out asking about default routes? Lennart -- Lennart Poettering, Berlin
