Re: [systemd-devel] Improve boot-time of systemd-based device, revisited

2015-06-18 Thread cee1
2015-06-14 21:17 GMT+08:00 cee1 : > Hi all, > > I've recently got another chance to improve the boot-time of a > systemd-based device. I'd like to share the experience here, and some > thoughts and questions. Two more articles about boot optimization: * http://freedesktop.org/wiki/Software/systemd

Re: [systemd-devel] Pass environment variables down to systemd-service in container

2015-06-18 Thread Peter Paule
Excerpts from Lennart Poettering's message of 2015-06-18 20:07:50 +0200: > On Tue, 16.06.15 17:49, Peter Paule (systemd-de...@fedux.org) wrote: > > I'd be willing to add a setting called PassEnvironment= that takes a > list of env vars to import from PID1's env block. Great! Thanks a lot. > Happ

Re: [systemd-devel] [PATCH v3 2/2] selinux: fix unnecessary generic SELinux check due to unit objects in UNIT_NOT_FOUND

2015-06-18 Thread systemd github import bot
Patchset imported to github. To create a pull request, one of the main developers has to initiate one via: -- Generated by https://github.com/haraldh/mail2git

[systemd-devel] [PATCH v3 2/2] selinux: fix unnecessary generic SELinux check due to unit objects in UNIT_NOT_FOUND

2015-06-18 Thread HATAYAMA Daisuke
systemd creates a unit object of A.service when it is referenced in various contexts such as that systemd parses a unit file and finds a dependency, like After=A.service, in some unit file or via systemd is requested a D-Bus operation such as systemctl status A.service, and then registers it in man

[systemd-devel] [PATCH v3 1/2] selinux: fix missing SELinux unit access check

2015-06-18 Thread HATAYAMA Daisuke
Currently, SELinux unit access check is not performed if a given unit file has not been registered in a hash table. This is because function manager_get_unit() only tries to pick up a Unit object from a Unit hash table. Instead, we use function manager_load_unit() searching Unit file paths for the

[systemd-devel] leftover interface

2015-06-18 Thread Johannes Ernst
Not sure how I just managed to do that, but after an nspawn run with -n, I have a leftover ve-xxx interface on the host. The container/machine is gone, the (ephemeral) file system is gone, just the interface is still there. Also sometimes it seems that the ephemeral subvolume stays around if the

Re: [systemd-devel] A missing SELinux unit access check due to unexpected UNIT_NOT_FOUND unit object

2015-06-18 Thread HATAYAMA Daisuke
From: Lennart Poettering Subject: Re: [systemd-devel] A missing SELinux unit access check due to unexpected UNIT_NOT_FOUND unit object Date: Thu, 18 Jun 2015 13:23:25 +0200 > On Thu, 18.06.15 18:14, HATAYAMA Daisuke (d.hatay...@jp.fujitsu.com) wrote: > >> Currently, there's a behavior that an u

Re: [systemd-devel] [PATCH v2] selinux: fix missing SELinux unit access check

2015-06-18 Thread HATAYAMA Daisuke
From: Lennart Poettering Subject: Re: [systemd-devel] [PATCH v2] selinux: fix missing SELinux unit access check Date: Thu, 18 Jun 2015 13:30:43 +0200 > On Thu, 18.06.15 18:29, HATAYAMA Daisuke (d.hatay...@jp.fujitsu.com) wrote: > >> >> int r; >> >> >> >> STRV_FOREACH(i, unit

Re: [systemd-devel] systemd-nspawn: cannot join existing macvlan

2015-06-18 Thread Tom Gundersen
On Thu, Jun 18, 2015 at 9:10 PM, Lennart Poettering wrote: > On Sat, 30.05.15 19:55, Kai Krakow (hurikha...@gmail.com) wrote: > >> The next issue with your argument is: AFAIR nspawn doesn't create a macvlan >> interface based on the machine name. You have to pass the name of a physical >> interfac

Re: [systemd-devel] Performance of systemctl status tab completion

2015-06-18 Thread Filipe Brandenburger
On Thu, Jun 18, 2015 at 11:54 AM, Lennart Poettering wrote: > On Tue, 02.06.15 12:18, Chris Morgan (chmor...@gmail.com) wrote: >> systemd 216 here on an embedded arm system, 1ghz with a load of 60% or >> more. I enabled tab completion, because I really don't like to type, >> and quickly found out

Re: [systemd-devel] kexec returns error code 1

2015-06-18 Thread Aaron_Wright
Lennart Poettering wrote on 06/18/2015 11:10:49 AM: > On Fri, 22.05.15 15:59, aaron_wri...@selinc.com > (aaron_wri...@selinc.com) wrote: > > > I'm trying to get kexec reboots to work on my box with systemd. I can get > > "kexec -l ..." and "kexec -e" to work when ran straight from the comman

[systemd-devel] Fwd: systemd-nspawn network interface name collisions

2015-06-18 Thread Florian Koch
forgot the list -- Forwarded message -- From: Florian Koch Date: 2015-06-18 22:03 GMT+02:00 Subject: Re: [systemd-devel] systemd-nspawn network interface name collisions To: Lennart Poettering 2015-06-18 18:42 GMT+02:00 Lennart Poettering : > On Thu, 18.06.15 18:27, Floria

Re: [systemd-devel] nspawn: No Return key in machinectl login?

2015-06-18 Thread Lennart Poettering
On Tue, 26.05.15 21:40, Tobias Hunger (tobias.hun...@gmail.com) wrote: > This is stty -a from outside the container: > > speed 38400 baud; rows 46; columns 114; line = 0; > intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = M-^?; > eol2 = M-^?; swtch = ; start = ^Q; > stop = ^S; susp =

Re: [systemd-devel] systemd-nspawn: cannot join existing macvlan

2015-06-18 Thread Lennart Poettering
On Sat, 30.05.15 19:55, Kai Krakow (hurikha...@gmail.com) wrote: > The next issue with your argument is: AFAIR nspawn doesn't create a macvlan > interface based on the machine name. You have to pass the name of a physical > interface which transports this macvlan. The man page at least states th

Re: [systemd-devel] [PATCH v2] Add support for transient presets, applied on every boot.

2015-06-18 Thread Lennart Poettering
On Mon, 15.06.15 16:37, Dimitri John Ledkov (dimitri.j.led...@intel.com) wrote: > >> + > >> int main(int argc, char *argv[]) { > >> Manager *m = NULL; > >> int r, retval = EXIT_FAILURE; > >> @@ -1619,6 +1636,16 @@ int main(int argc, char *argv[]) { > >> if (arg_running_

Re: [systemd-devel] Performance of systemctl status tab completion

2015-06-18 Thread Lennart Poettering
On Tue, 02.06.15 12:18, Chris Morgan (chmor...@gmail.com) wrote: > Hi all. > > systemd 216 here on an embedded arm system, 1ghz with a load of 60% or > more. I enabled tab completion, because I really don't like to type, > and quickly found out that something like: > > systemctl status xx > > T

Re: [systemd-devel] In what case will debugfs be mounted multi-times?

2015-06-18 Thread Lennart Poettering
On Sat, 13.06.15 15:56, cee1 (fykc...@gmail.com) wrote: > 2015-06-09 18:10 GMT+08:00 Lennart Poettering : > > On Thu, 04.06.15 23:41, cee1 (fykc...@gmail.com) wrote: > >> So why the Debug File System is mounted multi-times here? Any idea? > > > > Hmm, my suspicion is that the file system might act

Re: [systemd-devel] Vendor default masked service

2015-06-18 Thread Lennart Poettering
On Mon, 01.06.15 08:25, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: > >> > Wouldn't that work? > >> > >> For dbus activation it would work but other services can still > >> activate the service through systemd. > > > > But why is that a problem? If daemons explicitly request another > > serv

Re: [systemd-devel] networkd bridge masquerading

2015-06-18 Thread Dan Williams
On Thu, 2015-06-18 at 19:34 +0200, Lennart Poettering wrote: > On Thu, 18.06.15 13:19, Dimitri John Ledkov (dimitri.j.led...@intel.com) > wrote: > > > Without adding any veth / tap interfaces to the bridge. My expectation is > > for such a bridge to come up correctly. However in journalctl I get:

Re: [systemd-devel] [PATCH 9/9] man: Document \: escapes in nspawn's --overlay option

2015-06-18 Thread Lennart Poettering
On Thu, 28.05.15 13:02, Richard Maw (richard@codethink.co.uk) wrote: The other patches look fine! Sorry for the late review. Please submit the next iteration via github to make it easier to review this! Thanks! Lennart -- Lennart Poettering, Red Hat

Re: [systemd-devel] [PATCH 7/9] nspawn: escape paths in overlay mount options

2015-06-18 Thread Lennart Poettering
On Thu, 28.05.15 13:02, Richard Maw (richard@codethink.co.uk) wrote: > Overlayfs uses , as an option separator and : as a list separator. These > characters are both valid in file paths, so overlayfs allows file paths > which contain these characters to backslash escape these values. > --- >

Re: [systemd-devel] [PATCH 1/9] util: Add unescape_first_word()

2015-06-18 Thread Lennart Poettering
On Thu, 28.05.15 13:02, Richard Maw (richard@codethink.co.uk) wrote: > This is a superset of the functionality of unquote_first_word, allowing > non-whitespace separators, and doesn't interpret quotes unless > UNQUOTE_QUOTES is included in flags. Hmm, makes sense, but I'd actually just have o

Re: [systemd-devel] Starting units when a port is available for connections

2015-06-18 Thread Lennart Poettering
On Thu, 28.05.15 18:35, Adam Zegelin (a...@instaclustr.com) wrote: > > > On 27 May 2015, at 8:40 pm, Andrei Borzenkov wrote: > > > > Hmm ... this sounds suspiciously like what D-Bus does. Did you consider > > using D-Bus in your application? > > > > But for now there is no way to express such

Re: [systemd-devel] Starting units when a port is available for connections

2015-06-18 Thread Lennart Poettering
On Wed, 27.05.15 19:09, Adam Zegelin (a...@instaclustr.com) wrote: Heya, > I’ve successfully managed to set the service type to “notify” and > modify C* to call sd_notify() when is ready to accept client > connections. Further experimentation reveals that this is not an > ideal solution. C* can

Re: [systemd-devel] kexec returns error code 1

2015-06-18 Thread Lennart Poettering
On Fri, 22.05.15 15:59, aaron_wri...@selinc.com (aaron_wri...@selinc.com) wrote: > I'm trying to get kexec reboots to work on my box with systemd. I can get > "kexec -l ..." and "kexec -e" to work when ran straight from the command > line, but when I run "kexec -l ..." and "systemctl kexec" I ge

Re: [systemd-devel] Pass environment variables down to systemd-service in container

2015-06-18 Thread Lennart Poettering
On Tue, 16.06.15 17:49, Peter Paule (systemd-de...@fedux.org) wrote: > Excerpts from Lennart Poettering's message of 2015-06-15 00:32:09 +0200: > > > > Nope, we deliberately clean up the env block we pass to services. > > > > Mmmh, would it possible to add some kind of a whitelist for environme

Re: [systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 19:00, Kai Hendry (hen...@webconverger.com) wrote: > On Thu, 18 Jun 2015, at 06:56 PM, Lennart Poettering wrote: > > nah, this is completely unrelated. The message was printed on > > kdbus-less systems. We have now downgraded this so that nobody has to > > see this unles

Re: [systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Kai Hendry
On Thu, 18 Jun 2015, at 06:56 PM, Lennart Poettering wrote: > nah, this is completely unrelated. The message was printed on > kdbus-less systems. We have now downgraded this so that nobody has to > see this unless he turns on debug logging. Ah, ok. Though could you recognise what's wrong with my t

Re: [systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 14:09, Kai Hendry (hen...@webconverger.com) wrote: > On Thu, 18 Jun 2015, at 12:54 PM, Lennart Poettering wrote: > > This message is downgraded with 220 and newer. Please update. > > Thanks for the reply, though my Alarm device is up to date. Guess I need > to wait for A

Re: [systemd-devel] Scripting a server test

2015-06-18 Thread Lennart Poettering
On Mon, 15.06.15 12:17, Johannes Ernst (johannes.er...@gmail.com) wrote: > This is a best-practice question. > > I’d like to automate testing of a web application (running in a container) by > running curl from the host. The logical sequence should be: > > * boot container using local tar file

Re: [systemd-devel] /etc/resolv.conf link in container

2015-06-18 Thread Lennart Poettering
On Wed, 17.06.15 13:35, Johannes Ernst (johannes.er...@gmail.com) wrote: > > If you pass --private-network / -n, then we never touch resolv.conf. > > In all other cases, we copy resolv.conf from the host into the > > container. We usually assume that if your container runs in the same > > network

Re: [systemd-devel] /etc/resolv.conf link in container

2015-06-18 Thread Lennart Poettering
On Wed, 17.06.15 10:07, David Herrmann (dh.herrm...@gmail.com) wrote: > Hi > > On Tue, Jun 16, 2015 at 11:39 PM, Johannes Ernst > wrote: > > I have a root filesystem in directory foo/ > > It has symlink > > foo/etc/resolv.conf -> /run/systemd/resolve/resolv.conf > > > > When I’m booting the

Re: [systemd-devel] networkd bridge masquerading

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 13:19, Dimitri John Ledkov (dimitri.j.led...@intel.com) wrote: > Without adding any veth / tap interfaces to the bridge. My expectation is > for such a bridge to come up correctly. However in journalctl I get: > > br0 : Could not enable IP masquerading: Operation not sup

Re: [systemd-devel] remote-fs dependency/ordering on network

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 15:46, Lukáš Nykrýn (lnyk...@redhat.com) wrote: > Jan Synáček wrote on Thu 18. 06. 2015 at 15:41 +0200: > > Is remote-fs.target somehow dependent/ordered on network.target or > > network-online.target? I can't find anything that would suggest it > > actually is. > > > > Cheers, > >

Re: [systemd-devel] systemd-nspawn network interface name collisions

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 18:27, Florian Koch (florian.koch1...@gmail.com) wrote: > Hi, > > if I understand this correctly, the network interface names (veth and > macvlan) are created with the first 11 characters from the > Containername (Machinename). IFNAMSIZ imposed by the Linux kernel is 16, and we need

[systemd-devel] systemd-nspawn network interface name collisions

2015-06-18 Thread Florian Koch
Hi, if I understand this correctly, the network interface names (veth and macvlan) are created with the first 11 characters from the Containername (Machinename). Now if you use similar names for containers, like com.$company.$devision.$name1 com.$company.$devision.$name2 com.$company.$devision.$name

Re: [systemd-devel] Minimum required gcc version?

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 17:33, Michael Olbrich (m.olbr...@pengutronix.de) wrote: > Hi, > > On Thu, Jun 18, 2015 at 03:20:04PM +0200, Lennart Poettering wrote: > > On Thu, 18.06.15 14:29, Michael Olbrich (m.olbr...@pengutronix.de) wrote: > > > Do we have a minimum required gcc version? The README just li

Re: [systemd-devel] Minimum required gcc version?

2015-06-18 Thread Michael Olbrich
Hi, On Thu, Jun 18, 2015 at 03:20:04PM +0200, Lennart Poettering wrote: > On Thu, 18.06.15 14:29, Michael Olbrich (m.olbr...@pengutronix.de) wrote: > > Do we have a minimum required gcc version? The README just lists gcc > > without any version. However the current git fails to build with gcc-4.7:

Re: [systemd-devel] remote-fs dependency/ordering on network

2015-06-18 Thread Lukáš Nykrýn
Jan Synáček wrote on Thu 18. 06. 2015 at 15:41 +0200: > Is remote-fs.target somehow dependent/ordered on network.target or > network-online.target? I can't find anything that would suggest it > actually is. > > Cheers, If I am not mistaken remote-fs.target should be after all netdev mounts and netdev

[systemd-devel] remote-fs dependency/ordering on network

2015-06-18 Thread Jan Synáček
Is remote-fs.target somehow dependent/ordered on network.target or network-online.target? I can't find anything that would suggest it actually is. Cheers, -- Jan Synacek Software Engineer, Red Hat

Re: [systemd-devel] Minimum required gcc version?

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 14:29, Michael Olbrich (m.olbr...@pengutronix.de) wrote: > Hi, > > Do we have a minimum required gcc version? The README just lists gcc > without any version. However the current git fails to build with gcc-4.7: > In this version, gcc produces -Wshadow warnings for variables with

Re: [systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Kai Hendry
On Thu, 18 Jun 2015, at 12:54 PM, Lennart Poettering wrote: > This message is downgraded with 220 and newer. Please update. Thanks for the reply, though my Alarm device is up to date. Guess I need to wait for Archlinux package maintainers. Still I don't quite understand if there was something wron

[systemd-devel] Minimum required gcc version?

2015-06-18 Thread Michael Olbrich
Hi, Do we have a minimum required gcc version? The README just lists gcc without any version. However the current git fails to build with gcc-4.7: In this version, gcc produces -Wshadow warnings for variables with the same name as a defined function (e.g. 'now' in several functions in src/core/dev

Re: [systemd-devel] networkd bridge masquerading

2015-06-18 Thread Derek Willian Stavis
> > I'm trying to setup networking for containers/vms similar to e.g. docker0 > bridge, or lxcbr0. But purely with networkd. That is a bridge that is NATed > to provide internet access, and then attaching tap/veth devices to the > bridge. > > I did this at first: > > br0.netdev: > [NetDev] > Name=b

[systemd-devel] networkd bridge masquerading

2015-06-18 Thread Dimitri John Ledkov
I'm trying to setup networking for containers/vms similar to e.g. docker0 bridge, or lxcbr0. But purely with networkd. That is a bridge that is NATed to provide internet access, and then attaching tap/veth devices to the bridge. I did this at first: br0.netdev: [NetDev] Name=br0 Kind=bridge br0.

Re: [systemd-devel] systemd-resolved as dnsmasq replacement

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 07:57, Daurnimator (q...@daurnimator.com) wrote: > On 18 Jun 2015 3:51 am, "Lennart Poettering" wrote: > > > > On Wed, 17.06.15 19:48, Igor Bukanov (i...@mir2.org) wrote: > > > > > On 17 June 2015 at 15:27, Lennart Poettering > wrote: > > > > To hook up local name service > > >

Re: [systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 11:09, Kai Hendry (hen...@webconverger.com) wrote: > Hi there, > > Trying to set up a timer on my Archlinux Arm Raspberry PI running systemd > 219-6. > > Can anyone spot a problem with my timer? > http://s.natalian.org/2015-06-17/1434580520_1912x1036.png Getting these > weird err

Re: [systemd-devel] [PATCH v2] selinux: fix missing SELinux unit access check

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 18:29, HATAYAMA Daisuke (d.hatay...@jp.fujitsu.com) wrote: > >> int r; > >> > >> STRV_FOREACH(i, units) { > >> -u = manager_get_unit(m, *i); > >> +r = manager_load_unit(m, *i, NULL, error, &u); > >> +if (r < 0) >

Re: [systemd-devel] A missing SELinux unit access check due to unexpected UNIT_NOT_FOUND unit object

2015-06-18 Thread Lennart Poettering
On Thu, 18.06.15 18:14, HATAYAMA Daisuke (d.hatay...@jp.fujitsu.com) wrote: > Currently, there's a behavior that an unit object in UNIT_NOT_FOUND > generated via After= dependency is unexpectedly? left in > manager->units hash table and SELinux unit access check is not > performed. No this is exp

[systemd-devel] "Unit type .busname is not supported on this system." when setting up timer

2015-06-18 Thread Kai Hendry
Hi there, Trying to set up a timer on my Archlinux Arm Raspberry PI running systemd 219-6. Can anyone spot a problem with my timer? http://s.natalian.org/2015-06-17/1434580520_1912x1036.png Getting these weird error messages like: Unit type .busname is not supported on this system. systemd-analyz

Re: [systemd-devel] [PATCH v2] selinux: fix missing SELinux unit access check

2015-06-18 Thread HATAYAMA Daisuke
From: Lennart Poettering Subject: Re: [systemd-devel] [PATCH v2] selinux: fix missing SELinux unit access check Date: Wed, 17 Jun 2015 18:25:32 +0200 > On Wed, 10.06.15 14:40, HATAYAMA Daisuke (d.hatay...@jp.fujitsu.com) wrote: > >> From 398deee74edb06b54b8a74c25697cd6d977d8f2d Mon Sep 17 00:00

[systemd-devel] A missing SELinux unit access check due to unexpected UNIT_NOT_FOUND unit object

2015-06-18 Thread HATAYAMA Daisuke
Currently, there's a behavior that an unit object in UNIT_NOT_FOUND generated via After= dependency is unexpectedly? left in manager->units hash table and SELinux unit access check is not performed. I'm investigating this now but I don't figure out whether this is a really a bug or not because thi

Re: [systemd-devel] [HEADSUP] Intend to release 221 by the end of the week

2015-06-18 Thread Daniel Mack
On 06/18/2015 10:08 AM, Michael Olbrich wrote: > I have a pull request[1] that I think should be release-critical, but it > seems I can't add labels to it. Either I'm doing something wrong, or I > don't have the necessary permissions to add labels. > > Michael > > [1] https://github.com/systemd/s

Re: [systemd-devel] [HEADSUP] Intend to release 221 by the end of the week

2015-06-18 Thread Michael Olbrich
On Mon, Jun 15, 2015 at 05:07:05PM +0200, Lennart Poettering wrote: > People asked for a heads-up on this: I intend to prepare v221 by the > end of this week. Thanks! > It's a good time to start testing what's currently in git! > > If you take this as hint to start your auto-builder however, th